🔒 fix: Address on-headers CVE-2025-7339 (#8553)

* 📦 chore: bump `compression` from 1.7.4 to 1.8.1

* chore: bump `express-session` to v1.18.2

* chore: update `connect-redis` from v7.1.0 to v8.1.0

* chore: update import for `connect-redis` to use named export due to v8.0.0 breaking change

api/cache/cacheFactory.js

@@ -3,7 +3,7 @@ const { Keyv } = require('keyv');
 const { cacheConfig } = require('./cacheConfig');
 const { keyvRedisClient, ioredisClient, GLOBAL_PREFIX_SEPARATOR } = require('./redisClients');
 const { Time } = require('librechat-data-provider');
-const ConnectRedis = require('connect-redis').default;
+const { RedisStore: ConnectRedis } = require('connect-redis');
 const MemoryStore = require('memorystore')(require('express-session'));
 const { violationFile } = require('./keyvFiles');
 const { RedisStore } = require('rate-limit-redis');

api/cache/cacheFactory.spec.js

@@ -44,9 +44,7 @@ jest.mock('./keyvFiles', () => ({
   violationFile: mockViolationFile,
 }));
 
-jest.mock('connect-redis', () => ({
-  default: mockConnectRedis,
-}));
+jest.mock('connect-redis', () => ({ RedisStore: mockConnectRedis }));
 
 jest.mock('memorystore', () => jest.fn(() => mockMemoryStore));