merge: resolve conflicts with dev, fix 7 Snyk security issues

- Resolve translation conflicts (keep both journey + OAuth scope keys) - Resolve migrations.ts (dev OAuth migrations + journey migrations) - Fix hono directory traversal, response splitting, input validation (CVE-2026-39407/08/09/10) - Fix @hono/node-server directory traversal (CVE-2026-39406) - Fix nodemailer CRLF injection (upgrade to 8.0.5)
2026-06-19 13:21:46 +00:00 · 2026-04-11 19:11:21 +02:00
parent 13956804c2 aa1261e82b
commit 956c4270df
121 changed files with 13475 additions and 2499 deletions
@@ -1,6 +1,6 @@
 {
  "name": "trek-server",
-  "version": "2.9.12",
+  "version": "2.9.13",
  "main": "src/index.ts",
  "scripts": {
    "start": "node --import tsx src/index.ts",
@@ -27,7 +27,7 @@
    "multer": "^2.1.1",
    "node-cron": "^4.2.1",
    "undici": "^7.0.0",
-    "nodemailer": "^8.0.4",
+    "nodemailer": "^8.0.5",
    "otplib": "^12.0.1",
    "qrcode": "^1.5.4",
    "tsx": "^4.21.0",
@@ -37,6 +37,10 @@
    "ws": "^8.19.0",
    "zod": "^4.3.6"
  },
+  "overrides": {
+    "hono": "^4.12.12",
+    "@hono/node-server": "^1.19.13"
+  },
  "devDependencies": {
    "@types/archiver": "^7.0.0",
    "@types/bcryptjs": "^2.4.6",