From 82f8582e6b31af0bd97c9e39b43dc20480a69c76 Mon Sep 17 00:00:00 2001 From: devmooo3 Date: Tue, 24 Feb 2026 20:27:44 +0200 Subject: [PATCH 1/2] clean history remove secrets --- .gitignore | 3 +++ api/.gitignore | 4 +++- front/.env.local | 56 ------------------------------------------------ front/.gitignore | 4 +++- 4 files changed, 9 insertions(+), 58 deletions(-) delete mode 100644 front/.env.local diff --git a/.gitignore b/.gitignore index 3c3629e..71d2ef8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ node_modules +.env +.env.local +.env.* diff --git a/api/.gitignore b/api/.gitignore index 5ef6a52..45acc2e 100644 --- a/api/.gitignore +++ b/api/.gitignore @@ -31,7 +31,9 @@ yarn-error.log* .pnpm-debug.log* # env files (can opt-in for committing if needed) -.env* +.env +.env.local +.env.* # vercel .vercel diff --git a/front/.env.local b/front/.env.local deleted file mode 100644 index c43e6ea..0000000 --- a/front/.env.local +++ /dev/null @@ -1,56 +0,0 @@ - NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_YmFsYW5jZWQtcGFuZGEtMy5jbGVyay5hY2NvdW50cy5kZXYk - CLERK_SECRET_KEY=sk_test_mcOCrQGPo70DF38fnSdoyZMlV5DSl0uHuLW3wg37Pd - -# NEXT_PUBLIC_API_URL=https://10minportfolio.netlify.app - -NEXT_PUBLIC_SERVER_URL=http://localhost:3001 -NEXT_PUBLIC_WEBSITE_URL=http://localhost:3000 - -# NEXT_PUBLIC_API_URL=https://10minportfolio.netlify.app -# NEXT_PUBLIC_API_URL=http://localhost:3000 -NEXT_PUBLIC_API_URL=http://localhost:3001 - - -NEXT_PUBLIC_CORS_ENABLED=true -# CLERK AUTH - -# NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_YmFsYW5jZWQtcGFuZGEtMy5jbGVyay5hY2NvdW50cy5kZXYk -# CLERK_SECRET_KEY=sk_test_mcOCrQGPo70DF38fnSdoyZMlV5DSl0uHuLW3wg37Pd - -NEXT_PUBLIC_CLERK_SIGN_IN_URL=/sign-in -NEXT_PUBLIC_CLERK_SIGN_UP_URL=/sign-up - -CLERK_WEBHOOK_SECRET=whsec_xxx - - -# EMAIL (GMAIL SMTP) - -MAIL_USER=your_email@gmail.com -MAIL_PASSWORD=your_app_password_here -MAIL_HOST=smtp.gmail.com -MAIL_PORT=465 -MAIL_SECURE=true - - -# SENTRY ERROR TRACKING - -NEXT_PUBLIC_SENTRY_DSN=https://xxx.ingest.sentry.io/xxx -SENTRY_DSN=https://xxx@xxx.ingest.sentry.io/xxx - - -# AI (DEEPSEEK) - -DEEPSEEK_API_KEY=sk-919b37229d1d4c83b52fd3fa75e903fe - - -# STRIPE PAYMENT - -NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51T1VLVKvnrz8CVKzm8k6uHvKWkUaTc0CHwwoaxusbFgaWzHIPynBUFKyHLfQfJnJRMUxQOafmRy7Tg5vESDl9C1H00NBdH3aNp -STRIPE_SECRET_KEY=sk_test_51T1VLVKvnrz8CVKzhuTyUSTFnk269UwJ6RKqLZ50jFL9FeFfMijcVPYAetutHuzcizd7FFHTjG8cugs82Fi3YwCx00fyHsH54f -STRIPE_WEBHOOK_SECRET=whsec_xxxxxxxxx - - -# PAYPAL - -PAYPAL_CLIENT_ID=AXxxxxxxxxxxxxxxxx -PAYPAL_SECRET=ELxxxxxxxxxxxxxxxx diff --git a/front/.gitignore b/front/.gitignore index d1ccc9a..7ba041a 100644 --- a/front/.gitignore +++ b/front/.gitignore @@ -31,7 +31,9 @@ yarn-error.log* .pnpm-debug.log* # env files (can opt-in for committing if needed) -# .env* +.env +.env.local +.env.* # vercel .vercel From 3f306ee2e7c5a1c731dd84df2c780771bfd13645 Mon Sep 17 00:00:00 2001 From: Vercel Date: Tue, 24 Feb 2026 19:12:25 +0000 Subject: [PATCH 2/2] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- api/package.json | 2 +- front/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/api/package.json b/api/package.json index 2c7a6f6..001b8c7 100644 --- a/api/package.json +++ b/api/package.json @@ -31,7 +31,7 @@ "logrocket": "^10.1.0", "lucide-react": "^0.525.0", "mongoose": "^8.16.4", - "next": "15.3.4", + "next": "15.3.8", "next-swagger-doc": "^0.4.1", "next-themes": "^0.4.6", "nodemailer": "^7.0.4", diff --git a/front/package.json b/front/package.json index 0c00876..dc22ad0 100644 --- a/front/package.json +++ b/front/package.json @@ -54,7 +54,7 @@ "lodash.isequal": "^4.5.0", "lucide-react": "^0.525.0", "negotiator": "^1.0.0", - "next": "15.3.4", + "next": "15.3.8", "next-themes": "^0.4.6", "react": "^19.0.0", "react-day-picker": "^9.9.0",