feat(security): implement security hardening and automated scanning (#15)#46
Merged
malavya1411 merged 13 commits intoJul 5, 2026
Conversation
… add PostgreSQL service for ZAP scan
- Fix line ending issues (CRLF -> LF) in backend TypeScript files - Fix CORS configuration syntax error in server.ts - Fix code formatting issues (method chaining indentation) - All ESLint checks now passing with 0 errors
walunjsahil33-hub
pushed a commit
to walunjsahil33-hub/InboxOS
that referenced
this pull request
Jul 4, 2026
refactor(repo): reorganize repository architecture and cleanup root d…
- Resolved merge conflicts in route files - Kept our CORS security fixes (allows undefined origin) - Integrated new features: reminders router, timezone & digestSchedule settings - Moved services to actions/ directory structure - Updated settings endpoints with new fields
- Fixed CRLF line endings in all upstream files (converted to LF) - Fixed prefer-const ESLint error in feedback-collector.service.ts - All ESLint checks now passing (0 errors, 48 acceptable warnings)
- Resolved conflicts with latest upstream changes - Removed backend/package-lock.json (deleted upstream) - Preserved security middleware: helmet, CORS, compression, rate limiting - Integrated new features: Swagger API docs, neubrutalism design - Kept our security enhancements while adopting upstream structure
- Fixed CRLF line endings in all upstream files - Fixed method chaining formatting in server.ts - All ESLint checks now passing (0 errors, 42 acceptable warnings)
Contributor
Author
|
Everything is up to date now; run tests and merge it asap so that it helps me not hit more merge conflicts |
Contributor
Author
|
@malavya1411 @krishnasahoo11156 hey mainteners! Please have a look |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements the baseline security hardening requested in #15.
Changes
eslint-plugin-securityto backend and frontend.SECURITY.mdfor vulnerability reporting.Notes