[otp-generator] otp-generator before v3.0.0 insecurely generates random one-time passwords

The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-23451
• https://github.com/Maheshkumar-Kakade/otp-generator/issues/12
• https://github.com/Maheshkumar-Kakade/otp-generator/commit/b27de1ce439ae7f533cec26677e9698671275b70
• https://security.snyk.io/vuln/SNYK-JS-OTPGENERATOR-1655480
• https://github.com/advisories/GHSA-6×93-h9g3-9phr