diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 9af07cd62..744ee2fc1 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -32,7 +32,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- node-version: [18, 20, 21]
+ node-version: [18, 20, 22]
 os: [ubuntu-latest]
 steps:
@@ -83,7 +83,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- node-version: [16, 18, 20]
+ node-version: [18, 20, 22]
 os: [ubuntu-latest]
 steps:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c8ef203c1..2847e4604 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,5 +10,3 @@ jobs:
 secrets:
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
- with:
- checkTest: false
diff --git a/app/common/CryptoUtil.ts b/app/common/CryptoUtil.ts
index 478c5c595..7019106e9 100644
--- a/app/common/CryptoUtil.ts
+++ b/app/common/CryptoUtil.ts
@@ -20,7 +20,8 @@ export function genRSAKeys(): { publicKey: string, privateKey: string } {
 export function encryptRSA(publicKey: string, data: string): string {
 return publicEncrypt({
 key: publicKey,
- padding: constants.RSA_PKCS1_PADDING,
+ // https://zhuanlan.zhihu.com/p/356604821
+ padding: constants.RSA_PKCS1_OAEP_PADDING,
 }, Buffer.from(data, 'utf8')).toString('base64');
 }
@@ -28,6 +29,6 @@ export function encryptRSA(publicKey: string, data: string): string {
 export function decryptRSA(privateKey: string, data: string) {
 return privateDecrypt({
 key: privateKey,
- padding: constants.RSA_PKCS1_PADDING,
+ padding: constants.RSA_PKCS1_OAEP_PADDING,
 }, Buffer.from(data, 'base64')).toString('utf8');
 }
diff --git a/package.json b/package.json
index 2489df7fb..8c9c8b1cf 100644
--- a/package.json
+++ b/package.json
@@ -60,9 +60,6 @@
 "url": "git@github.com:cnpm/cnpmcore.git"
 },
 "egg": {
- "revert": [
- "CVE-2023-46809"
- ],
 "typescript": true
 },
 "keywords": [
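Review bot: The comment added above `padding` in encryptRSA (app/common/CryptoUtil.ts, first hunk) is a bare link, so the reason for the change is lost if that page disappears, and the matching line in decryptRSA (second hunk) has no comment at all. Because the same commit drops the `CVE-2023-46809` revert from package.json, the motive appears to be Node's refusal of PKCS#1 v1.5 padding in `privateDecrypt`. A comment on both functions would record that, for example `// OAEP: PKCS#1 v1.5 decryption is exposed to padding-oracle timing attacks (CVE-2023-46809)`. Both calls also leave `oaepHash` at Node's default of SHA-1. If every peer that encrypts for this service can be updated together, adding `oaepHash: 'sha256'` to both option objects would make the parameter explicit and keep the two sides in step.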
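Review bot: decryptRSA (app/common/CryptoUtil.ts, second hunk) lets `privateDecrypt` exceptions propagate unhandled, and after this change any ciphertext still produced with PKCS#1 v1.5 padding will trigger one. The callers are outside this diff, so confirm that they turn the exception into the same generic login failure as a wrong password, not a 500 or a distinguishable message. Also confirm that every client-side encryptor, if one exists outside encryptRSA, moved to OAEP with the same hash in the same release. While the function is being touched, an explicit return type would match encryptRSA: `export function decryptRSA(privateKey: string, data: string): string {`.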
diff --git a/test/port/webauth/webauthController.test.ts b/test/port/webauth/webauthController.test.ts
index 61724e3b3..f3bbc2524 100644
--- a/test/port/webauth/webauthController.test.ts
+++ b/test/port/webauth/webauthController.test.ts
@@ -122,7 +122,6 @@ describe('test/port/webauth/webauthController.test.ts', () => {
 });
 it('should login success', async () => {
- const password = encryptRSA(rsaKeys.publicKey, 'flymetothemoon');
 const res = await app.httpRequest()
 .post(`/-/v1/login/request/session/${sessionId}`)