diff --git a/package-lock.json b/package-lock.json
index 2c8dfc1cd9..67449dee53 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
       "dependencies": {
         "@apollo/server": "4.11.0",
         "@babel/eslint-parser": "7.25.8",
-        "@graphql-tools/merge": "^9.0.7",
+        "@graphql-tools/merge": "9.0.7",
         "@graphql-tools/schema": "10.0.4",
         "@graphql-tools/utils": "8.12.0",
         "@parse/fs-files-adapter": "3.0.0",
@@ -39,7 +39,7 @@
         "mime": "3.0.0",
         "mongodb": "5.9.0",
         "mustache": "4.2.0",
-        "otpauth": "9.3.1",
+        "otpauth": "9.3.4",
         "parse": "5.3.0",
         "path-to-regexp": "6.3.0",
         "pg-monitor": "2.1.0",
@@ -3379,11 +3379,11 @@
       }
     },
     "node_modules/@noble/hashes": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.4.0.tgz",
-      "integrity": "sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.5.0.tgz",
+      "integrity": "sha512-1j6kQFb7QRru7eKN3ZDvRcP13rugwdxZqCjbiAVZfIJwgj2A65UmT4TgARXGlXgnRkORLTDTrO19ZErt7+QXgA==",
       "engines": {
-        "node": ">= 16"
+        "node": "^14.21.3 || >=16"
       },
       "funding": {
         "url": "https://paulmillr.com/funding/"
@@ -17147,11 +17147,11 @@
       }
     },
     "node_modules/otpauth": {
-      "version": "9.3.1",
-      "resolved": "https://registry.npmjs.org/otpauth/-/otpauth-9.3.1.tgz",
-      "integrity": "sha512-E6d2tMxPofHNk4sRFp+kqW7vQ+WJGO9VLI2N/W00DnI+ThskU12Qa10kyNSGklrzhN5c+wRUsN4GijVgCU2N9w==",
+      "version": "9.3.4",
+      "resolved": "https://registry.npmjs.org/otpauth/-/otpauth-9.3.4.tgz",
+      "integrity": "sha512-qXv+lpsCUO9ewitLYfeDKbLYt7UUCivnU/fwGK2OqhgrCBsRkTUNKWsgKAhkXG3aistOY+jEeuL90JEBu6W3mQ==",
       "dependencies": {
-        "@noble/hashes": "1.4.0"
+        "@noble/hashes": "1.5.0"
       },
       "funding": {
         "url": "https://github.com/hectorm/otpauth?sponsor=1"
@@ -23906,9 +23906,9 @@
       }
     },
     "@noble/hashes": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.4.0.tgz",
-      "integrity": "sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg=="
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.5.0.tgz",
+      "integrity": "sha512-1j6kQFb7QRru7eKN3ZDvRcP13rugwdxZqCjbiAVZfIJwgj2A65UmT4TgARXGlXgnRkORLTDTrO19ZErt7+QXgA=="
     },
     "@node-rs/bcrypt": {
       "version": "1.10.4",
@@ -33739,11 +33739,11 @@
       }
     },
     "otpauth": {
-      "version": "9.3.1",
-      "resolved": "https://registry.npmjs.org/otpauth/-/otpauth-9.3.1.tgz",
-      "integrity": "sha512-E6d2tMxPofHNk4sRFp+kqW7vQ+WJGO9VLI2N/W00DnI+ThskU12Qa10kyNSGklrzhN5c+wRUsN4GijVgCU2N9w==",
+      "version": "9.3.4",
+      "resolved": "https://registry.npmjs.org/otpauth/-/otpauth-9.3.4.tgz",
+      "integrity": "sha512-qXv+lpsCUO9ewitLYfeDKbLYt7UUCivnU/fwGK2OqhgrCBsRkTUNKWsgKAhkXG3aistOY+jEeuL90JEBu6W3mQ==",
       "requires": {
-        "@noble/hashes": "1.4.0"
+        "@noble/hashes": "1.5.0"
       }
     },
     "p-cancelable": {
diff --git a/package.json b/package.json
index 9f2dbcfa5f..6c1ccdfe85 100644
--- a/package.json
+++ b/package.json
@@ -48,7 +48,7 @@
     "mime": "3.0.0",
     "mongodb": "5.9.0",
     "mustache": "4.2.0",
-    "otpauth": "9.3.1",
+    "otpauth": "9.3.4",
     "parse": "5.3.0",
     "path-to-regexp": "6.3.0",
     "pg-monitor": "2.1.0",