ankhbayar/Assist_Design
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Update dependencies and clean up package configurations

Browse Source 
- Upgraded `@eslint/js` and `eslint` to version 9.39.2 for improved linting capabilities.
- Updated `zod` to version 4.2.0 in various dependencies to ensure compatibility and access to the latest features.
- Standardized quotes in `pnpm-lock.yaml` and `pnpm-workspace.yaml` for consistency.
- Removed obsolete `~$MPLETE-GUIDE.docx` file from the documentation directory.
This commit is contained in:
barsa 2025-12-15 17:55:54 +09:00
parent f1c88b6017
commit 540c0ba10c
14 changed files with 869 additions and 231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
.github/dependabot.yml vendored
View File

@ -1,126 +1,68 @@
# Dependabot configuration for automated dependency updates
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates
version: 2
updates:
# NPM dependencies for the monorepo
# Enable version updates for npm
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
timezone: "UTC"
open-pull-requests-limit: 10
reviewers:
- "barsa"
labels:
- "dependencies"
- "automated"
commit-message:
prefix: "chore(deps):"
- "security"
# Group updates together to reduce PR noise
groups:
# Group NestJS packages together
nestjs:
patterns:
- "@nestjs/*"
# Group all non-security updates
development-dependencies:
dependency-type: "development"
update-types:
- "minor"
- "patch"
# Group React/Next.js packages together
react-next:
patterns:
- "react"
- "react-dom"
- "next"
- "@next/*"
update-types:
- "minor"
- "patch"
# Group TypeScript tooling
typescript-tooling:
patterns:
- "typescript"
- "typescript-eslint"
- "@types/*"
- "ts-*"
update-types:
- "minor"
- "patch"
# Group testing packages
testing:
patterns:
- "jest"
- "@jest/*"
- "supertest"
- "@types/jest"
update-types:
- "minor"
- "patch"
# Group linting/formatting
linting:
patterns:
- "eslint"
- "eslint-*"
- "@eslint/*"
- "prettier"
update-types:
- "minor"
- "patch"
# Group Tailwind CSS
tailwind:
patterns:
- "tailwindcss"
- "@tailwindcss/*"
- "tailwind-*"
update-types:
- "minor"
- "patch"
# Group Prisma
prisma:
patterns:
- "prisma"
- "@prisma/*"
production-dependencies:
dependency-type: "production"
update-types:
- "minor"
- "patch"
# Auto-merge patch updates for dev dependencies
allow:
- dependency-type: "development"
update-types: ["patch"]
# Ignore specific packages if needed
ignore:
# Ignore major version updates for critical packages (review manually)
- dependency-name: "next"
update-types: ["version-update:semver-major"]
- dependency-name: "react"
update-types: ["version-update:semver-major"]
- dependency-name: "react-dom"
update-types: ["version-update:semver-major"]
- dependency-name: "@prisma/client"
update-types: ["version-update:semver-major"]
- dependency-name: "prisma"
update-types: ["version-update:semver-major"]
# Example: ignore major version updates for specific packages
# - dependency-name: "next"
# update-types: ["version-update:semver-major"]
versioning-strategy: increase
commit-message:
prefix: "chore(deps)"
prefix-development: "chore(deps-dev)"
include: "scope"
# Docker base images
- package-ecosystem: "docker"
directory: "/apps/portal"
schedule:
interval: "weekly"
day: "monday"
labels:
- "dependencies"
- "docker"
- package-ecosystem: "docker"
directory: "/apps/bff"
schedule:
interval: "weekly"
day: "monday"
labels:
- "dependencies"
- "docker"
# GitHub Actions
# Monitor GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
labels:
- "dependencies"
- "github-actions"
- "security"
commit-message:
prefix: "ci"
# Monitor Docker dependencies if you're using Docker
- package-ecosystem: "docker"
directory: "/docker"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
labels:
- "docker"
- "security"
commit-message:
prefix: "chore(docker)"

42
.github/workflows/dependency-update.yml vendored Normal file
View File

@ -0,0 +1,42 @@
name: Auto-merge Dependabot PRs
on:
pull_request:
branches:
- main
- master
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
name: Auto-merge Dependabot PRs
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Auto-approve patch and minor updates
if: |
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
steps.metadata.outputs.update-type == 'version-update:semver-minor'
run: |
gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Enable auto-merge for patch updates
if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
run: |
gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

58
.github/workflows/pr-checks.yml vendored Normal file
View File

@ -0,0 +1,58 @@
name: Pull Request Checks
on:
pull_request:
branches:
- main
- master
jobs:
quality-checks:
name: Code Quality & Security
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "22"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: "10.25.0"
- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Run linter
run: pnpm lint
- name: Run type check
run: pnpm type-check
- name: Run security audit
run: pnpm security:check
- name: Run tests
run: pnpm test
- name: Check formatting
run: pnpm format:check

175
.github/workflows/security.yml vendored
View File

@ -1,86 +1,173 @@
name: Security Audit
on:
# Run on every push to main/master
push:
branches: [main, develop]
branches:
- main
- master
# Run on all pull requests
pull_request:
branches: [main, develop]
# Run daily at 9 AM UTC
schedule:
# Run every Monday at 9:00 AM UTC
- cron: "0 9 * * 1"
- cron: "0 9 * * *"
# Allow manual trigger
workflow_dispatch:
jobs:
audit:
name: Security Audit
security-audit:
name: Security Vulnerability Audit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.25.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22
cache: "pnpm"
node-version: "22"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: "10.25.0"
- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Run security audit
id: audit
run: |
echo "## 🔒 Security Audit Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
# Run audit and capture exit code
pnpm audit --audit-level=high || echo "AUDIT_FAILED=true" >> $GITHUB_OUTPUT
# Run audit and capture output
if pnpm audit --audit-level=high 2>&1 | tee audit-output.txt; then
echo "✅ No high or critical vulnerabilities found!" >> $GITHUB_STEP_SUMMARY
else
echo "⚠️ Vulnerabilities detected. See details below." >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat audit-output.txt >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
# Fail the workflow for high/critical vulnerabilities
exit 1
fi
# Generate detailed report
pnpm audit --json > audit-report.json || true
- name: Check for outdated packages
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
- name: Parse audit results
if: steps.audit.outputs.AUDIT_FAILED == 'true'
run: |
echo "" >> $GITHUB_STEP_SUMMARY
echo "## 📦 Outdated Packages" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
pnpm outdated --recursive 2>&1 | head -100 >> $GITHUB_STEP_SUMMARY || true
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "⚠️ Security vulnerabilities detected!"
echo "Please review the audit report and update vulnerable packages."
pnpm audit
exit 1
codeql:
name: CodeQL Analysis
- name: Upload audit report
if: always()
uses: actions/upload-artifact@v4
with:
name: security-audit-report
path: audit-report.json
retention-days: 30
dependency-review:
name: Dependency Review
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
# Only run on pull requests
if: github.event_name == 'pull_request'
steps:
- name: Checkout repository
- name: Checkout code
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
deny-licenses: GPL-2.0, GPL-3.0
codeql-analysis:
name: CodeQL Security Analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["javascript", "typescript"]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: javascript-typescript
languages: ${{ matrix.language }}
queries: security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:javascript-typescript"
category: "/language:${{matrix.language}}"
outdated-dependencies:
name: Check Outdated Dependencies
runs-on: ubuntu-latest
# Only run on schedule or manual trigger
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "22"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: "10.25.0"
- name: Check for outdated dependencies
run: |
pnpm outdated --recursive || true
pnpm outdated --recursive > outdated-report.txt || true
- name: Upload outdated report
uses: actions/upload-artifact@v4
with:
name: outdated-dependencies-report
path: outdated-report.txt
retention-days: 7
- name: Create issue for outdated dependencies
if: github.event_name == 'schedule'
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const report = fs.readFileSync('outdated-report.txt', 'utf8');
if (report.trim()) {
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: `Outdated Dependencies Report - ${new Date().toISOString().split('T')[0]}`,
body: `## 📦 Outdated Dependencies Report\n\nThe following dependencies are outdated:\n\n\`\`\`\n${report}\n\`\`\`\n\nPlease review and update as needed.`,
labels: ['dependencies', 'security']
});
}

5
.gitignore vendored
View File

@ -161,3 +161,8 @@ prisma/migrations/dev.db*
# API Documentation (contains sensitive API details)
docs/freebit-apis/
# Security reports
security-report.json
audit-report.json
outdated-report.txt

10
.husky/pre-push Executable file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"
# Optional: Run security audit before pushing
# Uncomment to enable strict security checks before push
# echo "🔍 Running security audit..."
# pnpm security:check
echo "✅ Pre-push checks passed"

167
SECURITY.md Normal file
View File

@ -0,0 +1,167 @@
# Security Policy
## 🔒 Security Overview
This document outlines the security practices and policies for the Customer Portal project.
## 🚨 Reporting a Vulnerability
If you discover a security vulnerability, please follow these steps:
1. **DO NOT** open a public issue
2. Email the security team directly at: [your-security-email@example.com]
3. Include detailed information about the vulnerability:
- Type of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
We will acknowledge receipt within 48 hours and provide a detailed response within 7 days.
## 🛡️ Security Measures
### Automated Security Checks
We use multiple layers of automated security scanning:
#### 1. **Continuous Monitoring**
- **Daily Security Audits**: Automated checks run daily at 9 AM UTC
- **Pull Request Scans**: Every PR is scanned for vulnerabilities
- **Dependency Review**: All dependency changes are reviewed automatically
#### 2. **Dependency Management**
- **Dependabot**: Automatically creates PRs for security updates
- **Weekly Dependency Checks**: Reviews for outdated packages
- **Auto-merge**: Low-risk patches are auto-merged after CI passes
#### 3. **Code Analysis**
- **CodeQL**: Static analysis for security vulnerabilities
- **Linting**: ESLint with security rules
- **Type Safety**: TypeScript for compile-time safety
### Local Security Checks
#### Run Security Audit
```bash
# Check for high and critical vulnerabilities
pnpm security:check
# Full audit report
pnpm security:audit
```
#### Check for Outdated Dependencies
```bash
# View outdated packages
pnpm update:check
# Safe update with verification
pnpm update:safe
```
#### Pre-commit Checks
Security audits are automatically run on:
- Pre-commit (type checking and linting)
- Pre-push (optional security audit - see `.husky/pre-push`)
## 📋 Security Checklist
### For Developers
- [ ] Run `pnpm security:check` before committing
- [ ] Keep dependencies up to date
- [ ] Review Dependabot PRs promptly
- [ ] Never commit secrets or sensitive data
- [ ] Use environment variables for configuration
- [ ] Follow secure coding practices
- [ ] Review security warnings in CI/CD
### For Maintainers
- [ ] Review security audit reports weekly
- [ ] Update vulnerable dependencies immediately
- [ ] Monitor GitHub Security Advisories
- [ ] Review and merge Dependabot PRs
- [ ] Conduct security reviews for major changes
- [ ] Keep documentation up to date
## 🔐 Secret Management
### Never Commit:
- API keys
- Database credentials
- Private keys
- Tokens or passwords
- Configuration with sensitive data
### Use Instead:
- Environment variables (`.env` files - gitignored)
- Secret management services
- Encrypted secrets in CI/CD
- The `secrets/` folder (gitignored)
## 🏷️ Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 1.x.x | :white_check_mark: |
## 📚 Security Resources
### Internal Documentation
- [Environment Configuration](./docs/portal-guides/COMPLETE-GUIDE.md)
- [Deployment Guide](./docs/portal-guides/)
### External Resources
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [Node.js Security Best Practices](https://nodejs.org/en/docs/guides/security/)
- [npm Security Best Practices](https://docs.npmjs.com/security)
## 🔄 Security Update Process
1. **Vulnerability Detected**
- Automated scan identifies issue
- GitHub Security Advisory created
- Team notified
2. **Assessment**
- Severity evaluated
- Impact assessed
- Priority assigned
3. **Remediation**
- Fix developed and tested
- Security patch released
- Dependabot creates PR
4. **Deployment**
- PR reviewed and approved
- Changes deployed to production
- Verification performed
5. **Communication**
- Team notified of fix
- Documentation updated
- Incident logged
## 📞 Contact
For security concerns, contact:
- **Email**: [your-security-email@example.com]
- **Emergency**: [emergency-contact]
---
Last updated: December 2025

2
apps/portal/package.json
View File

@ -24,7 +24,7 @@
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"date-fns": "^4.1.0",
"next": "16.0.9",
"next": "16.0.10",
"react": "19.2.1",
"react-dom": "19.2.1",
"tailwind-merge": "^3.4.0",

220
docs/SECURITY-MONITORING.md Normal file
View File

@ -0,0 +1,220 @@
# Security Monitoring Setup
## 🎯 Quick Start
Your project now has comprehensive security monitoring! Here's what was set up:
## 📦 What's Included
### 1. **GitHub Actions Workflows** (`.github/workflows/`)
#### `security.yml` - Main Security Pipeline
- **Daily scans** at 9 AM UTC
- **Pull request** security checks
- **Manual trigger** available
- Includes:
- Dependency vulnerability audit
- Dependency review (for PRs)
- CodeQL security analysis
- Outdated dependencies check
#### `pr-checks.yml` - Pull Request Quality Gate
- Runs on every PR
- Checks: linting, type safety, security audit, tests, formatting
#### `dependency-update.yml` - Auto-merge Helper
- Auto-approves safe dependency updates
- Auto-merges patch updates
- Works with Dependabot
### 2. **Dependabot Configuration** (`.github/dependabot.yml`)
- **Weekly** dependency updates (Mondays at 9 AM)
- Groups updates to reduce PR noise
- Monitors: npm, GitHub Actions, Docker
- Auto-labels PRs for easy tracking
### 3. **Git Hooks** (`.husky/`)
- **pre-commit**: Runs linting and type checks
- **pre-push**: Optional security audit (commented out by default)
### 4. **NPM Scripts** (Enhanced)
```bash
pnpm security:audit # Full security audit
pnpm security:check # Check high/critical vulnerabilities
pnpm security:fix # Auto-fix vulnerabilities when possible
pnpm security:report # Generate JSON report
pnpm update:check # Check for outdated packages
pnpm update:safe # Safe update with verification
```
## 🚀 Getting Started
### 1. Fix Current Vulnerability
```bash
# Update Next.js to fix the current high-severity issue
cd /home/barsa/projects/customer_portal/customer-portal
pnpm add next@latest --filter @customer-portal/portal
pnpm security:check
```
### 2. Enable GitHub Actions
- Push these changes to GitHub
- Go to **Settings → Actions → General**
- Enable **Read and write permissions** for workflows
- Go to **Settings → Code security → Dependabot**
- Enable **Dependabot alerts** and **security updates**
### 3. Optional: Enable Stricter Pre-push Checks
Edit `.husky/pre-push` and uncomment the security check lines to run audits before every push.
## 📊 Monitoring Dashboard
### View Security Status
1. **GitHub Actions**: Check `.github/workflows/security.yml` runs
2. **Dependabot**: View PRs in **Pull requests** tab
3. **Security Advisories**: Check **Security** tab
4. **Artifacts**: Download audit reports from workflow runs
### Email Notifications
GitHub will automatically notify you about:
- Security vulnerabilities
- Failed workflow runs
- Dependabot PRs
### Configure Notifications
1. Go to **Settings → Notifications**
2. Enable **Actions** and **Dependabot** notifications
3. Choose **Email** or **Web** notifications
## 🔄 Workflow Triggers
### Automatic
- **Daily**: Full security scan at 9 AM UTC
- **On Push**: Security checks when pushing to main/master
- **On PR**: Comprehensive checks including dependency review
- **Weekly**: Dependabot checks for updates (Mondays)
### Manual
```bash
# Trigger from GitHub UI
1. Go to Actions → Security Audit
2. Click "Run workflow"
3. Select branch and run
# Or use GitHub CLI
gh workflow run security.yml
```
## 🛠️ Local Development
### Before Committing
```bash
pnpm lint # Check code quality
pnpm type-check # Verify types
pnpm security:check # Check vulnerabilities
pnpm test # Run tests
```
### Weekly Maintenance
```bash
pnpm update:check # See what's outdated
pnpm update:safe # Update safely
```
### Generate Security Report
```bash
pnpm security:report
# Creates security-report.json with detailed findings
```
## 📋 Best Practices
### For Daily Development
- ✅ Run `pnpm security:check` weekly
- ✅ Review Dependabot PRs within 48 hours
- ✅ Keep dependencies up to date
- ✅ Never commit secrets (use `.env` files)
### For Security Issues
- 🚨 **High/Critical**: Fix within 24 hours
- ⚠️ **Medium**: Fix within 1 week
- **Low**: Fix in next maintenance window
### For Dependency Updates
- ✅ **Patch versions**: Auto-merge after CI passes
- ⚠️ **Minor versions**: Review and test
- 🚨 **Major versions**: Careful review and thorough testing
## 🔍 Troubleshooting
### If Security Scan Fails
```bash
# View detailed audit
pnpm audit
# Try to auto-fix
pnpm security:fix
# If auto-fix doesn't work, update manually
pnpm update [package-name]@latest
```
### If Workflow Fails
1. Check workflow logs in GitHub Actions
2. Run the same commands locally
3. Ensure all secrets are configured
4. Verify permissions are set correctly
## 📚 Additional Resources
- **Security Policy**: See `SECURITY.md`
- **Complete Guide**: See `docs/portal-guides/COMPLETE-GUIDE.md`
- **GitHub Security**: [https://docs.github.com/en/code-security](https://docs.github.com/en/code-security)
- **npm Security**: [https://docs.npmjs.com/security](https://docs.npmjs.com/security)
## 🎉 Next Steps
1. **Fix the current vulnerability**:
```bash
pnpm add next@16.0.10 --filter @customer-portal/portal
```
2. **Push to GitHub** to activate workflows:
```bash
git add .
git commit -m "feat: add comprehensive security monitoring"
git push
```
3. **Enable Dependabot** in GitHub repository settings
4. **Review first security scan** in GitHub Actions
---
**Need Help?** Check `SECURITY.md` for detailed security policies and contact information.

BIN
docs/portal-guides/~$MPLETE-GUIDE.docx
View File

Binary file not shown.

9
package.json
View File

@ -45,20 +45,23 @@
"db:reset": "pnpm --filter @customer-portal/bff run db:reset",
"security:audit": "pnpm audit",
"security:check": "pnpm audit --audit-level=high",
"security:fix": "pnpm audit --fix",
"security:report": "pnpm audit --json > security-report.json && echo 'Report saved to security-report.json'",
"security:scan": "bash ./scripts/security-check.sh",
"update:check": "pnpm outdated --recursive",
"update:safe": "pnpm update --recursive && pnpm audit && pnpm type-check",
"analyze": "pnpm --filter @customer-portal/portal run analyze",
"plesk:images": "bash ./scripts/plesk/build-images.sh"
},
"devDependencies": {
"@eslint/js": "^9.39.2",
"@next/eslint-plugin-next": "16.0.9",
"@eslint/js": "^9.39.1",
"@types/node": "catalog:",
"eslint": "^9.39.1",
"lint-staged": "^16.2.7",
"eslint": "^9.39.2",
"eslint-plugin-react-hooks": "^7.0.1",
"globals": "^16.5.0",
"husky": "^9.1.7",
"lint-staged": "^16.2.7",
"prettier": "^3.7.4",
"tsx": "^4.21.0",
"typescript": "catalog:",

170
pnpm-lock.yaml generated
View File

@ -24,8 +24,8 @@ importers:
.:
devDependencies:
"@eslint/js":
specifier: ^9.39.1
version: 9.39.1
specifier: ^9.39.2
version: 9.39.2
"@next/eslint-plugin-next":
specifier: 16.0.9
version: 16.0.9
@ -33,11 +33,11 @@ importers:
specifier: "catalog:"
version: 24.10.3
eslint:
specifier: ^9.39.1
version: 9.39.1(jiti@2.6.1)
specifier: ^9.39.2
version: 9.39.2(jiti@2.6.1)
eslint-plugin-react-hooks:
specifier: ^7.0.1
version: 7.0.1(eslint@9.39.1(jiti@2.6.1))
version: 7.0.1(eslint@9.39.2(jiti@2.6.1))
globals:
specifier: ^16.5.0
version: 16.5.0
@ -58,7 +58,7 @@ importers:
version: 5.9.3
typescript-eslint:
specifier: ^8.49.0
version: 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
version: 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
apps/bff:
dependencies:
@ -196,8 +196,8 @@ importers:
specifier: ^4.1.0
version: 4.1.0
next:
specifier: 16.0.9
version: 16.0.9(@babel/core@7.28.5)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
specifier: 16.0.10
version: 16.0.10(@babel/core@7.28.5)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
react:
specifier: 19.2.1
version: 19.2.1
@ -813,10 +813,10 @@ packages:
}
engines: { node: ^18.18.0 || ^20.9.0 || >=21.1.0 }
"@eslint/js@9.39.1":
"@eslint/js@9.39.2":
resolution:
{
integrity: sha512-S26Stp4zCy88tH94QbBv3XCuzRQiZ9yXofEILmglYTh/Ug/a9/umqvgFtYBAo3Lp0nsI/5/qH1CCrbdK3AP1Tw==,
integrity: sha512-q1mjIoW1VX4IvSocvM/vbTiveKC4k9eLrajNEuSsmjymSDEbpGddtpfOoN7YGAqBK3NG+uqo8ia4PDTt8buCYA==,
}
engines: { node: ^18.18.0 || ^20.9.0 || >=21.1.0 }
@ -1747,10 +1747,10 @@ packages:
integrity: sha512-AHA6ZomhQuRsJtkoRvsq+hIuwA6F26mQzQT8ICcc2dL3BvHRcWOA+EiFr+BgWFY++EE957xVDqMIJjLApyxnwA==,
}
"@next/env@16.0.9":
"@next/env@16.0.10":
resolution:
{
integrity: sha512-6284pl8c8n9PQidN63qjPVEu1uXXKjnmbmaLebOzIfTrSXdGiAPsIMRi4pk/+v/ezqweE1/B8bFqiAAfC6lMXg==,
integrity: sha512-8tuaQkyDVgeONQ1MeT9Mkk8pQmZapMKFh5B+OrFUlG3rVmYTXcXlBetBgTurKXGaIZvkoqRT9JL5K3phXcgang==,
}
"@next/eslint-plugin-next@16.0.9":
@ -1759,73 +1759,73 @@ packages:
integrity: sha512-ea6F0Towc70S+5y0HfkmMeNvWXHH+5yQUhovmed5qHu9WxJRW0oE26+OU6z4u0hR5WHYec7KwwHZCyWlnwdpOg==,
}
"@next/swc-darwin-arm64@16.0.9":
"@next/swc-darwin-arm64@16.0.10":
resolution:
{
integrity: sha512-j06fWg/gPqiWjK+sEpCDsh5gX+Bdy9gnPYjFqMBvBEOIcCFy1/ecF6pY6XAce7WyCJAbBPVb+6GvpmUZKNq0oQ==,
integrity: sha512-4XgdKtdVsaflErz+B5XeG0T5PeXKDdruDf3CRpnhN+8UebNa5N2H58+3GDgpn/9GBurrQ1uWW768FfscwYkJRg==,
}
engines: { node: ">= 10" }
cpu: [arm64]
os: [darwin]
"@next/swc-darwin-x64@16.0.9":
"@next/swc-darwin-x64@16.0.10":
resolution:
{
integrity: sha512-FRYYz5GSKUkfvDSjd5hgHME2LgYjfOLBmhRVltbs3oRNQQf9n5UTQMmIu/u5vpkjJFV4L2tqo8duGqDxdQOFwg==,
integrity: sha512-spbEObMvRKkQ3CkYVOME+ocPDFo5UqHb8EMTS78/0mQ+O1nqE8toHJVioZo4TvebATxgA8XMTHHrScPrn68OGw==,
}
engines: { node: ">= 10" }
cpu: [x64]
os: [darwin]
"@next/swc-linux-arm64-gnu@16.0.9":
"@next/swc-linux-arm64-gnu@16.0.10":
resolution:
{
integrity: sha512-EI2klFVL8tOyEIX5J1gXXpm1YuChmDy4R+tHoNjkCHUmBJqXioYErX/O2go4pEhjxkAxHp2i8y5aJcRz2m5NqQ==,
integrity: sha512-uQtWE3X0iGB8apTIskOMi2w/MKONrPOUCi5yLO+v3O8Mb5c7K4Q5KD1jvTpTF5gJKa3VH/ijKjKUq9O9UhwOYw==,
}
engines: { node: ">= 10" }
cpu: [arm64]
os: [linux]
"@next/swc-linux-arm64-musl@16.0.9":
"@next/swc-linux-arm64-musl@16.0.10":
resolution:
{
integrity: sha512-vq/5HeGvowhDPMrpp/KP4GjPVhIXnwNeDPF5D6XK6ta96UIt+C0HwJwuHYlwmn0SWyNANqx1Mp6qSVDXwbFKsw==,
integrity: sha512-llA+hiDTrYvyWI21Z0L1GiXwjQaanPVQQwru5peOgtooeJ8qx3tlqRV2P7uH2pKQaUfHxI/WVarvI5oYgGxaTw==,
}
engines: { node: ">= 10" }
cpu: [arm64]
os: [linux]
"@next/swc-linux-x64-gnu@16.0.9":
"@next/swc-linux-x64-gnu@16.0.10":
resolution:
{
integrity: sha512-GlUdJwy2leA/HnyRYxJ1ZJLCJH+BxZfqV4E0iYLrJipDKxWejWpPtZUdccPmCfIEY9gNBO7bPfbG6IIgkt0qXg==,
integrity: sha512-AK2q5H0+a9nsXbeZ3FZdMtbtu9jxW4R/NgzZ6+lrTm3d6Zb7jYrWcgjcpM1k8uuqlSy4xIyPR2YiuUr+wXsavA==,
}
engines: { node: ">= 10" }
cpu: [x64]
os: [linux]
"@next/swc-linux-x64-musl@16.0.9":
"@next/swc-linux-x64-musl@16.0.10":
resolution:
{
integrity: sha512-UCtOVx4N8AHF434VPwg4L0KkFLAd7pgJShzlX/hhv9+FDrT7/xCuVdlBsCXH7l9yCA/wHl3OqhMbIkgUluriWA==,
integrity: sha512-1TDG9PDKivNw5550S111gsO4RGennLVl9cipPhtkXIFVwo31YZ73nEbLjNC8qG3SgTz/QZyYyaFYMeY4BKZR/g==,
}
engines: { node: ">= 10" }
cpu: [x64]
os: [linux]
"@next/swc-win32-arm64-msvc@16.0.9":
"@next/swc-win32-arm64-msvc@16.0.10":
resolution:
{
integrity: sha512-tQjtDGtv63mV3n/cZ4TH8BgUvKTSFlrF06yT5DyRmgQuj5WEjBUDy0W3myIW5kTRYMPrLn42H3VfCNwBH6YYiA==,
integrity: sha512-aEZIS4Hh32xdJQbHz121pyuVZniSNoqDVx1yIr2hy+ZwJGipeqnMZBJHyMxv2tiuAXGx6/xpTcQJ6btIiBjgmg==,
}
engines: { node: ">= 10" }
cpu: [arm64]
os: [win32]
"@next/swc-win32-x64-msvc@16.0.9":
"@next/swc-win32-x64-msvc@16.0.10":
resolution:
{
integrity: sha512-y9AGACHTBwnWFLq5B5Fiv3FEbXBusdPb60pgoerB04CV/pwjY1xQNdoTNxAv7eUhU2k1CKnkN4XWVuiK07uOqA==,
integrity: sha512-E+njfCoFLb01RAFEnGZn6ERoOqhK1Gl3Lfz1Kjnj0Ulfu7oJbuMyvBKNj/bw8XZnenHDASlygTjZICQW+rYW1Q==,
}
engines: { node: ">= 10" }
cpu: [x64]
@ -4001,10 +4001,10 @@ packages:
}
engines: { node: ^18.18.0 || ^20.9.0 || >=21.1.0 }
eslint@9.39.1:
eslint@9.39.2:
resolution:
{
integrity: sha512-BhHmn2yNOFA9H9JmmIVKJmd288g9hrVRDkdoIgRCRuSySRUHH7r/DI6aAXW9T1WwUuY3DFgrcaqB+deURBLR5g==,
integrity: sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==,
}
engines: { node: ^18.18.0 || ^20.9.0 || >=21.1.0 }
hasBin: true
@ -5523,10 +5523,10 @@ packages:
"@nestjs/swagger":
optional: true
next@16.0.9:
next@16.0.10:
resolution:
{
integrity: sha512-Xk5x/wEk6ADIAtQECLo1uyE5OagbQCiZ+gW4XEv24FjQ3O2PdSkvgsn22aaseSXC7xg84oONvQjFbSTX5YsMhQ==,
integrity: sha512-RtWh5PUgI+vxlV3HdR+IfWA1UUHu0+Ram/JBO4vWB54cVPentCD0e+lxyAYEsDTqGGMg7qpjhKh6dc6aW7W/sA==,
}
engines: { node: ">=20.9.0" }
hasBin: true
@ -7433,6 +7433,12 @@ packages:
integrity: sha512-AvvthqfqrAhNH9dnfmrfKzX5upOdjUVJYFqNSlkmGf64gRaTzlPwz99IHYnVs28qYAybvAlBV+H7pn0saFY4Ig==,
}
zod@4.2.0:
resolution:
{
integrity: sha512-Bd5fw9wlIhtqCCxotZgdTOMwGm1a0u75wARVEY9HMs1X17trvA/lMi4+MGK5EUfYkXVTbX8UDiDKW4OgzHVUZw==,
}
zustand@5.0.9:
resolution:
{
@ -7734,9 +7740,9 @@ snapshots:
"@esbuild/win32-x64@0.27.1":
optional: true
"@eslint-community/eslint-utils@4.9.0(eslint@9.39.1(jiti@2.6.1))":
"@eslint-community/eslint-utils@4.9.0(eslint@9.39.2(jiti@2.6.1))":
dependencies:
eslint: 9.39.1(jiti@2.6.1)
eslint: 9.39.2(jiti@2.6.1)
eslint-visitor-keys: 3.4.3
"@eslint-community/regexpp@4.12.2": {}
@ -7771,7 +7777,7 @@ snapshots:
transitivePeerDependencies:
- supports-color
"@eslint/js@9.39.1": {}
"@eslint/js@9.39.2": {}
"@eslint/object-schema@2.1.7": {}
@ -8325,34 +8331,34 @@ snapshots:
- bufferutil
- utf-8-validate
"@next/env@16.0.9": {}
"@next/env@16.0.10": {}
"@next/eslint-plugin-next@16.0.9":
dependencies:
fast-glob: 3.3.1
"@next/swc-darwin-arm64@16.0.9":
"@next/swc-darwin-arm64@16.0.10":
optional: true
"@next/swc-darwin-x64@16.0.9":
"@next/swc-darwin-x64@16.0.10":
optional: true
"@next/swc-linux-arm64-gnu@16.0.9":
"@next/swc-linux-arm64-gnu@16.0.10":
optional: true
"@next/swc-linux-arm64-musl@16.0.9":
"@next/swc-linux-arm64-musl@16.0.10":
optional: true
"@next/swc-linux-x64-gnu@16.0.9":
"@next/swc-linux-x64-gnu@16.0.10":
optional: true
"@next/swc-linux-x64-musl@16.0.9":
"@next/swc-linux-x64-musl@16.0.10":
optional: true
"@next/swc-win32-arm64-msvc@16.0.9":
"@next/swc-win32-arm64-msvc@16.0.10":
optional: true
"@next/swc-win32-x64-msvc@16.0.9":
"@next/swc-win32-x64-msvc@16.0.10":
optional: true
"@nodelib/fs.scandir@2.1.5":
@ -8793,15 +8799,15 @@ snapshots:
"@types/validator@13.15.10":
optional: true
"@typescript-eslint/eslint-plugin@8.49.0(@typescript-eslint/parser@8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)":
"@typescript-eslint/eslint-plugin@8.49.0(@typescript-eslint/parser@8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)":
dependencies:
"@eslint-community/regexpp": 4.12.2
"@typescript-eslint/parser": 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/parser": 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/scope-manager": 8.49.0
"@typescript-eslint/type-utils": 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/utils": 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/type-utils": 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/utils": 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/visitor-keys": 8.49.0
eslint: 9.39.1(jiti@2.6.1)
eslint: 9.39.2(jiti@2.6.1)
ignore: 7.0.5
natural-compare: 1.4.0
ts-api-utils: 2.1.0(typescript@5.9.3)
@ -8809,14 +8815,14 @@ snapshots:
transitivePeerDependencies:
- supports-color
"@typescript-eslint/parser@8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)":
"@typescript-eslint/parser@8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)":
dependencies:
"@typescript-eslint/scope-manager": 8.49.0
"@typescript-eslint/types": 8.49.0
"@typescript-eslint/typescript-estree": 8.49.0(typescript@5.9.3)
"@typescript-eslint/visitor-keys": 8.49.0
debug: 4.4.3
eslint: 9.39.1(jiti@2.6.1)
eslint: 9.39.2(jiti@2.6.1)
typescript: 5.9.3
transitivePeerDependencies:
- supports-color
@ -8839,13 +8845,13 @@ snapshots:
dependencies:
typescript: 5.9.3
"@typescript-eslint/type-utils@8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)":
"@typescript-eslint/type-utils@8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)":
dependencies:
"@typescript-eslint/types": 8.49.0
"@typescript-eslint/typescript-estree": 8.49.0(typescript@5.9.3)
"@typescript-eslint/utils": 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/utils": 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
debug: 4.4.3
eslint: 9.39.1(jiti@2.6.1)
eslint: 9.39.2(jiti@2.6.1)
ts-api-utils: 2.1.0(typescript@5.9.3)
typescript: 5.9.3
transitivePeerDependencies:
@ -8868,13 +8874,13 @@ snapshots:
transitivePeerDependencies:
- supports-color
"@typescript-eslint/utils@8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)":
"@typescript-eslint/utils@8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)":
dependencies:
"@eslint-community/eslint-utils": 4.9.0(eslint@9.39.1(jiti@2.6.1))
"@eslint-community/eslint-utils": 4.9.0(eslint@9.39.2(jiti@2.6.1))
"@typescript-eslint/scope-manager": 8.49.0
"@typescript-eslint/types": 8.49.0
"@typescript-eslint/typescript-estree": 8.49.0(typescript@5.9.3)
eslint: 9.39.1(jiti@2.6.1)
eslint: 9.39.2(jiti@2.6.1)
typescript: 5.9.3
transitivePeerDependencies:
- supports-color
@ -9702,14 +9708,14 @@ snapshots:
escape-string-regexp@4.0.0: {}
eslint-plugin-react-hooks@7.0.1(eslint@9.39.1(jiti@2.6.1)):
eslint-plugin-react-hooks@7.0.1(eslint@9.39.2(jiti@2.6.1)):
dependencies:
"@babel/core": 7.28.5
"@babel/parser": 7.28.5
eslint: 9.39.1(jiti@2.6.1)
eslint: 9.39.2(jiti@2.6.1)
hermes-parser: 0.25.1
zod: 4.1.13
zod-validation-error: 4.0.2(zod@4.1.13)
zod: 4.2.0
zod-validation-error: 4.0.2(zod@4.2.0)
transitivePeerDependencies:
- supports-color
@ -9727,15 +9733,15 @@ snapshots:
eslint-visitor-keys@4.2.1: {}
eslint@9.39.1(jiti@2.6.1):
eslint@9.39.2(jiti@2.6.1):
dependencies:
"@eslint-community/eslint-utils": 4.9.0(eslint@9.39.1(jiti@2.6.1))
"@eslint-community/eslint-utils": 4.9.0(eslint@9.39.2(jiti@2.6.1))
"@eslint-community/regexpp": 4.12.2
"@eslint/config-array": 0.21.1
"@eslint/config-helpers": 0.4.2
"@eslint/core": 0.17.0
"@eslint/eslintrc": 3.3.3
"@eslint/js": 9.39.1
"@eslint/js": 9.39.2
"@eslint/plugin-kit": 0.4.1
"@humanfs/node": 0.16.7
"@humanwhocodes/module-importer": 1.0.1
@ -10648,9 +10654,9 @@ snapshots:
optionalDependencies:
"@nestjs/swagger": 11.2.0(@nestjs/common@11.1.9(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@11.1.9)(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)
next@16.0.9(@babel/core@7.28.5)(react-dom@19.2.1(react@19.2.1))(react@19.2.1):
next@16.0.10(@babel/core@7.28.5)(react-dom@19.2.1(react@19.2.1))(react@19.2.1):
dependencies:
"@next/env": 16.0.9
"@next/env": 16.0.10
"@swc/helpers": 0.5.15
caniuse-lite: 1.0.30001760
postcss: 8.4.31
@ -10658,14 +10664,14 @@ snapshots:
react-dom: 19.2.1(react@19.2.1)
styled-jsx: 5.1.6(@babel/core@7.28.5)(react@19.2.1)
optionalDependencies:
"@next/swc-darwin-arm64": 16.0.9
"@next/swc-darwin-x64": 16.0.9
"@next/swc-linux-arm64-gnu": 16.0.9
"@next/swc-linux-arm64-musl": 16.0.9
"@next/swc-linux-x64-gnu": 16.0.9
"@next/swc-linux-x64-musl": 16.0.9
"@next/swc-win32-arm64-msvc": 16.0.9
"@next/swc-win32-x64-msvc": 16.0.9
"@next/swc-darwin-arm64": 16.0.10
"@next/swc-darwin-x64": 16.0.10
"@next/swc-linux-arm64-gnu": 16.0.10
"@next/swc-linux-arm64-musl": 16.0.10
"@next/swc-linux-x64-gnu": 16.0.10
"@next/swc-linux-x64-musl": 16.0.10
"@next/swc-win32-arm64-msvc": 16.0.10
"@next/swc-win32-x64-msvc": 16.0.10
sharp: 0.34.5
transitivePeerDependencies:
- "@babel/core"
@ -11586,13 +11592,13 @@ snapshots:
typedarray@0.0.6: {}
typescript-eslint@8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3):
typescript-eslint@8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3):
dependencies:
"@typescript-eslint/eslint-plugin": 8.49.0(@typescript-eslint/parser@8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/parser": 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/eslint-plugin": 8.49.0(@typescript-eslint/parser@8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/parser": 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
"@typescript-eslint/typescript-estree": 8.49.0(typescript@5.9.3)
"@typescript-eslint/utils": 8.49.0(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
eslint: 9.39.1(jiti@2.6.1)
"@typescript-eslint/utils": 8.49.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
eslint: 9.39.2(jiti@2.6.1)
typescript: 5.9.3
transitivePeerDependencies:
- supports-color
@ -11796,12 +11802,14 @@ snapshots:
dependencies:
grammex: 3.1.12
zod-validation-error@4.0.2(zod@4.1.13):
zod-validation-error@4.0.2(zod@4.2.0):
dependencies:
zod: 4.1.13
zod: 4.2.0
zod@4.1.13: {}
zod@4.2.0: {}
zustand@5.0.9(@types/react@19.2.7)(react@19.2.1):
optionalDependencies:
"@types/react": 19.2.7

7
pnpm-workspace.yaml
View File

@ -2,8 +2,7 @@ packages:
- apps/*
- packages/*
# Centralized dependency versions (pnpm Catalogs)
catalog:
zod: "4.1.13"
typescript: "5.9.3"
"@types/node": "24.10.3"
"@types/node": 24.10.3
typescript: 5.9.3
zod: 4.1.13

97
scripts/security-check.sh Executable file
View File

@ -0,0 +1,97 @@
#!/bin/bash
# Security Check Script
# Run this to perform a comprehensive security check on your project
set -e
echo "🔍 Starting Security Scan..."
echo ""
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
local color=$1
local message=$2
echo -e "${color}${message}${NC}"
}
# Check if we're in the right directory
if [ ! -f "package.json" ]; then
print_status "$RED" "❌ Error: package.json not found. Please run this script from the project root."
exit 1
fi
print_status "$YELLOW" "📦 Checking for security vulnerabilities..."
echo ""
# Run security audit
if pnpm audit --audit-level=high; then
print_status "$GREEN" "✅ No high or critical vulnerabilities found!"
else
print_status "$RED" "⚠️ Security vulnerabilities detected!"
echo ""
print_status "$YELLOW" "Generating detailed report..."
pnpm audit --json > security-report.json
print_status "$GREEN" "Report saved to: security-report.json"
echo ""
print_status "$YELLOW" "To fix vulnerabilities, try:"
echo " pnpm security:fix"
echo " or update packages manually"
exit 1
fi
echo ""
print_status "$YELLOW" "📋 Checking for outdated dependencies..."
echo ""
if pnpm outdated --recursive > /dev/null 2>&1; then
print_status "$GREEN" "✅ All dependencies are up to date!"
else
print_status "$YELLOW" " Some dependencies have updates available"
echo ""
pnpm outdated --recursive || true
echo ""
print_status "$YELLOW" "To update safely, run:"
echo " pnpm update:safe"
fi
echo ""
print_status "$YELLOW" "🔍 Running linter..."
echo ""
if pnpm lint; then
print_status "$GREEN" "✅ No linting errors!"
else
print_status "$RED" "⚠️ Linting errors found!"
echo ""
print_status "$YELLOW" "To fix automatically, try:"
echo " pnpm lint:fix"
exit 1
fi
echo ""
print_status "$YELLOW" "📝 Running type check..."
echo ""
if pnpm type-check; then
print_status "$GREEN" "✅ No type errors!"
else
print_status "$RED" "⚠️ Type errors found!"
exit 1
fi
echo ""
print_status "$GREEN" "🎉 All security checks passed!"
echo ""
print_status "$YELLOW" "Recommendations:"
echo " 1. Review any outdated dependencies"
echo " 2. Run tests: pnpm test"
echo " 3. Push changes to trigger CI/CD security scans"
echo ""