Security fixes: Remove PAT, add idempotency, fix admin auth

- Remove exposed GitHub PAT from git remote URL
- Remove admin password plaintext fallback (bcrypt only)
- Add webhook idempotency protection to prevent duplicate payments
- Fix webhook error handling to return 500 on errors (enables retry)
- Upgrade archiver to v7 to fix npm vulnerabilities
- Add production environment validation for critical secrets
- Add comprehensive security review documentation
This commit is contained in:
Developer
2026-02-20 21:51:45 +00:00
parent a831f331cd
commit 2a7971eda1
3 changed files with 630 additions and 10 deletions


@@ -15,7 +15,7 @@
"type": "commonjs",
"dependencies": {
"adm-zip": "^0.5.16",
"archiver": "^6.0.1",
"archiver": "^7.0.1",
"bcrypt": "^6.0.0",
"jsonwebtoken": "^9.0.2",
"pdfkit": "^0.17.2",
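Review bot: The bump from `"archiver": "^6.0.1"` to `"archiver": "^7.0.1"` in this hunk is a major-version change, not just a patch to clear the npm advisory, so please confirm that every call site using archiver still behaves as before under 7.x and that the lockfile was regenerated in the same commit; a package.json-only edit leaves `npm ci` installing whatever the existing lock pins, so the vulnerability the commit message says this resolves would remain in the installed tree. It would also help to cite the specific `npm audit` finding in the commit message rather than the generic "fix npm vulnerabilities", so a later reviewer can verify the fix against the advisory.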