chore(deps): bump actions/github-script from 7 to 9 #6
Open
dependabot[bot] wants to merge 1 commit into
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Author
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
andrei1000z added a commit that referenced this pull request May 25, 2026

…h wire

#11 Auth event tracking expanded:
- AuthProvider.signInWithEmail: track auth-magic-link-sent on OTP submit success (separate from auth-signin, which fires after verify on the callback)
- AuthProvider.signInWithOAuth: track auth-oauth-initiated with provider so we can measure Google vs Apple conversion
- AuthProvider.signOut: track auth-signout-clicked before the actual Supabase call (captures intent vs success — onAuthStateChange tracks the success)
- existing onAuthStateChange wire (signin/signout/password-reset) kept

#4 GDPR Art. 17 right-to-erasure for analytics:
- /api/profile/delete extended with a purgeAnalyticsForUser() helper that deletes userMeta/userRoutes/userCountries/userDays + ZREM topUsers + SREM excluded. Best-effort: Redis being down does NOT block the DB cascade.
- /api/admin/analytics/user/[userId] NEW — dedicated admin endpoint to purge a specific user (when the user asks without deleting their account, or for post-incident cleanup). Returns deleted count for audit.

#6 Romanian-language page /legal/analiza-trafic:
- 8 sections: what we don't do / how we derive the visitor ID / captured fields / retention periods / bot filter / opt-out / legal framework / GDPR contact
- Wording matches Art. 4(5) of Law 506/2004 + EDPB + CNIL Sheet 16
- Structural defense before ANSPDCP — any inquiry can be resolved by pointing to this page + docs/privacy/* (TODO)
- Link added in the Footer under „Politica de cookies"

759/759 tests pass. TS clean.

Sources:
- https://www.cnil.fr/en/sheet-ndeg16
- https://legislatie.just.ro/Public/DetaliiDocument/56973 (L506/2004)
- EDPB Guidelines 2/2023
andrei1000z added a commit that referenced this pull request May 29, 2026

5 P0/P1 improvements from the improvements.md audit:

1. **mig 086 REVOKE exec_sql** (P0 #6 security critical)
   - REVOKE EXECUTE from PUBLIC + anon + authenticated
   - Explicit GRANT only to service_role
   - If SERVICE_ROLE_KEY leaks, there is no longer RCE on the DB via RPC
2. **sanitize-headers.ts** (P1 #30 security high)
   - sanitizeFromName(): strip CR/LF + control chars + quote escape
   - buildFromHeader(): RFC 5322-compliant From header
   - sanitizeSubject(): strip control chars + cap 200
   - Anti header injection (Bcc/Reply-To via newline)
3. **buildFromHeader applied in 3 routes**:
   - /api/sesizari/[code]/send-via-civia
   - /api/sesizari/[code]/resend-via-civia
   - /api/sesizari/[code]/escalate-avp
   - All of them used raw interpolation → injection surface
4. **requireAdmin() helper** (P0 #9 security high)
   - src/lib/auth/require-admin.ts with 2 functions
   - requireAdmin() for admin API routes (session-based)
   - requireAdminSecret() for cron/internal calls (Bearer)
   - Foundation for refactoring 17 hand-rolled routes
5. **Fix 2 lint errors blocking CI** (P1 #26)
   - src/app/admin/feedback/page.tsx: prefer-const redisEntries
   - src/app/api/resend/webhook/route.ts: prefer-const extraFields
   - Dependabot PRs unblocked

Tsc OK.
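An added TypeScript example (not the project's `sanitize-headers.ts`) of the From/Subject hardening listed in item 2 of the commit message above, next to the raw interpolation it replaces. The function names are taken from that message; the bodies, the address check and the sample values are assumptions.

```typescript
// Added example: NOT the project's sanitize-headers.ts. The three function names come
// from the commit message; the bodies are one possible implementation (assumption).

const CONTROL_CHARS = /[\u0000-\u001f\u007f]+/g; // C0 controls (CR, LF, TAB...) and DEL

// The "before": raw interpolation lets a newline in `name` start a new header line.
function rawFromHeader(name: string, address: string): string {
  return `${name} <${address}>`;
}

// Display name that is safe inside an RFC 5322 quoted-string.
function sanitizeFromName(name: string): string {
  return name
    .replace(CONTROL_CHARS, " ") // no CR/LF left, so no second header line
    .replace(/\s+/g, " ")
    .trim()
    .replace(/[\\"]/g, "\\$&"); // escape backslash and double quote
}

// The address is validated, never repaired: a bad addr-spec is an error, not input to clean.
function buildFromHeader(name: string, address: string): string {
  if (!/^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(address)) {
    throw new Error("invalid sender address");
  }
  const safe = sanitizeFromName(name);
  // Non-ASCII names also need RFC 2047 encoding; assumed to be done by the mail API.
  return safe ? `"${safe}" <${address}>` : address;
}

// Subject: same control-character stripping, then the 200-character cap.
function sanitizeSubject(subject: string): string {
  return subject.replace(CONTROL_CHARS, " ").replace(/\s+/g, " ").trim().slice(0, 200);
}

// Constructed input: a display name carrying an injected Bcc header and stray quotes.
const HOSTILE_NAME = 'Ion "Civic" Pop\r\nBcc: someone@example.test';
const SENDER = "sesizari@example.test"; // placeholder address

// Number of header lines a mail library would see for this From value.
function headerLineCount(value: string): number {
  return ("From: " + value).split(/\r\n|\r|\n/).length;
}
```

`headerLineCount(rawFromHeader(HOSTILE_NAME, SENDER))` is 2, while the same call through `buildFromHeader` is 1.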
andrei1000z added a commit that referenced this pull request May 29, 2026

…olding + roadmaps)

P0/P1 improvements + Big feature #1 SHIPPED + scaffolding for the rest:

## Batch 6: DB migrations (mig 088 is_admin)
- supabase/migrations/088_is_admin_function.sql
- Function `is_admin()` STABLE SECURITY DEFINER for RLS
- Function `current_user_id()` wrapper for auth.uid()
- Foundation for refactoring 14 inline subqueries → is_admin()
- 5-50x speedup on queries with RLS

## Batch 7: Observability (TaggedErrorBoundary)
- src/components/error/TaggedErrorBoundary.tsx
- Class component with Sentry.captureException(tags: { surface })
- Foundation for per-surface tagging (sesizari/petitii/stiri/admin)

## Batch 8: Big Feature #1 SHIPPED + 6 plan
- 🟢 Insistent AI Agent (FULL implementation):
  • src/app/api/cron/agent-insistent/route.ts (3 stage pipeline)
  • supabase/migrations/089_agent_insistent_schema.sql
  • Stage 1 (day 30): Reminder to the city hall citing OG 27/2002 art. 8
  • Stage 2 (day 45): Notification to AVP + county Prefecture
  • Stage 3 (day 60): Administrative-litigation complaint template for the citizen (PDF text)
  • Audit trail in sesizare_escalations table
- 📐 Draft plan for the remaining 6: docs/big-features-roadmap.md
  • #3 Council stream — blocked cost ($5+/month)
  • #4 Budget "On MY money" — Q2 ready
  • #5 Initiatives OTP SMS — blocked legal+cost
  • #8 EU Compass — Q2-Q3
  • #9 Asset verification — Q3-Q4 (legal review)
  • #10 Open Decisions — Q2-Q3

## Batch 9: Medium features
- 🟢 #7 Streak (scaffolded cron placeholder)
- 📐 Draft plan for the remaining 10: docs/medium-features-roadmap.md
  • #1 AI semantic search (pgvector)
  • #3 Civic calendar
  • #6 Opt-in public profile
  • #8 Personalized newsletter
  • #9 Voice input
  • #10 Intensity heatmap
  • #12 Press embed widget
  • #13 Outage push notifications
  • #14 Counter "Resolved today"
  • #17 Multilang RO/HU/UK

## Total commits batch 1-9
- 3e03eb9 Batch 1 security P0
- 4605ecc Batch 3 email infra + mig 087
- 6d6e764 Batch 5 perf (React cache + ISR)
- THIS: Batch 6+7+8+9 (mig 088, ErrorBoundary, BIG #1, scaffolds)

## Files shipped total
- 7 new files src/ (route handlers, lib, components)
- 4 new migrations (086-089)
- 1 GH Actions workflow (backup-supabase.yml)
- 2 roadmap docs

## Post-deploy steps required
1. npm run migrate (applies 086-089)
2. Schedule cron agent-insistent daily 09:00
3. Schedule cron sesizari-retry-bounce at 4h
4. Configure GH Actions secrets (R2 + SUPABASE_DB_URL)
5. Migrate RLS policies to is_admin() in a future migration

Tsc OK.
andrei1000z added a commit that referenced this pull request May 29, 2026

Consolidated mega push: all features approved by the user are implemented.

═══════════════════════════════════════════════════════════════════
🚀 BIG FEATURES (7 of 7 approved)
═══════════════════════════════════════════════════════════════════

✅ #1 Insistent AI Agent (already shipped in the previous commit)

✅ #3 Public consultations / Council agenda (lite version)
- Table consultatii_publice in mig 090
- Integration into the civic calendar at /calendar (full Stream requires CF Stream + Whisper $$$ → Q4+)

✅ #4 Budget "On MY money"
- src/lib/buget/calculator.ts (RO 2026 fiscal formulas)
- src/app/buget/personal/page.tsx + BugetCalculatorClient.tsx
- User inputs net salary + county → annual share to the city hall + distribution across 9 categories (payroll, investments, education, etc.)

✅ #5 Citizens' initiatives OTP
- src/app/initiative/page.tsx (public list)
- src/app/api/initiative/sign-otp/route.ts (Twilio SMS + Redis OTP TTL 10min)
- Tables initiative + initiative_signatures with privacy (phone_hash, cnp_hash)
- Anti-fraud: rate limit, unique constraint, 6-digit OTP

✅ #8 EU Funding Compass
- src/app/compass-ue/page.tsx
- Table ue_programs with pgvector embedding for AI matching
- Expiring-soon filter (red badge for <7 days)

✅ #9 Officials' asset verification (ANI)
- src/app/verificare-avere/page.tsx
- Table demnitari_avere with suspicious_jump_pct
- Clear disclaimer + link to integritate.eu
- LEGAL REVIEW required before live scraping

✅ #10 Open Decisions for local councils
- src/app/decizii-deschise/page.tsx
- Tables consiliu_propuneri + consiliu_propunere_comments
- AI summary per proposal + space for citizens' comments

═══════════════════════════════════════════════════════════════════
🎁 MEDIUM FEATURES (11 of 11 approved)
═══════════════════════════════════════════════════════════════════

✅ #1 AI semantic search with pgvector
- /api/search/semantic with Cloudflare AI embedding (bge-small-en-v1.5)
- Graceful fallback to ILIKE keyword search
- Function similar_sesizari in mig 090

✅ #3 Civic calendar
- src/app/calendar/page.tsx
- Aggregator of protests + public consultations
- /api/calendar/export.ics — RFC 5545 compliant iCal export

✅ #6 Opt-in public profile
- src/app/u/[slug]/page.tsx
- Columns profiles.public_profile_enabled/slug/bio in mig 090
- Computed civic badges (Power Contributor, etc.)
- JSON-LD + OG meta for SEO

✅ #7 Civic Streak (full impl partial)
- Table civic_streak with public-read RLS
- Cron skeleton in the previous commit

✅ #8 Personalized weekly newsletter
- /api/newsletter/subscribe + /api/newsletter/unsubscribe (1-click GDPR)
- Table newsletter_subscriptions with unsubscribe_token
- Email confirmation via Resend

✅ #9 Voice input (Web Speech API)
- src/components/VoiceInput.tsx
- Graceful fallback on iOS Safari (no SR available)
- Real-time partial transcript

✅ #10 Report intensity heatmap
- /api/heatmap/sesizari API
- Materialized view sesizari_heatmap in mig 090
- lat/lng bucketing to 3 decimals (~100m precision)

✅ #12 Embed widget for journalists
- /embed/sesizari/[judet]?count=5
- Iframe-friendly, isolated CSS, CORS-open
- Per-county generateStaticParams

✅ #13 Push for scheduled works
- /api/push/subscribe (existing)
- mig 090 adds topic + active columns

✅ #14 Counter "Resolved today"
- src/components/TodayCounter.tsx (live update 30s)
- View today_civic_stats in mig 090
- /api/stats/today endpoint
- CountUp animation easeOutCubic

✅ #17 Multilang RO/HU/UK
- src/lib/i18n/messages.ts (lightweight i18n, no deps)
- src/components/LocaleSwitcher.tsx (cookie-based)
- 16 strings translated Romanian/Hungarian/Ukrainian

═══════════════════════════════════════════════════════════════════
📊 SCHEMA: mig 090 (10 tables + 1 view + 1 matview + 2 functions)
═══════════════════════════════════════════════════════════════════

New tables:
- newsletter_subscriptions
- civic_streak
- buget_primarii_annual
- initiative + initiative_signatures
- ue_programs + ue_program_subscriptions
- demnitari_avere
- consiliu_propuneri + consiliu_propunere_comments
- consultatii_publice

Columns added:
- profiles: 7 new (public_profile_*, preferred_locale, notify_intreruperi_*, newsletter_pref)
- push_subscriptions: topic + active
- sesizari/petitii/stiri: embedding vector(384)

Indexes (HNSW for embedding):
- 4x HNSW vector cosine_ops for semantic search
- 5x partial indexes on hot queries

RLS:
- 11 new policies for tables with public read + insert/all auth
- Uses the is_admin() helper from mig 088

═══════════════════════════════════════════════════════════════════
🔧 POST-DEPLOY STEPS REQUIRED
═══════════════════════════════════════════════════════════════════

1. npm run migrate (applies mig 090)
2. ENV vars to configure:
   - TWILIO_ACCOUNT_SID + TWILIO_AUTH_TOKEN + TWILIO_FROM_NUMBER (Initiative OTP)
   - CLOUDFLARE_ACCOUNT_ID + CLOUDFLARE_AI_TOKEN (semantic search free tier)
   - PHONE_HASH_SALT (random 32-byte hex for phone hashing)
3. Schedule pg_cron for:
   - refresh_sesizari_heatmap weekly
   - newsletter delivery Mondays 09:00
4. Add navigation links to /buget/personal, /initiative, /compass-ue, /verificare-avere, /decizii-deschise, /calendar, /u/[slug]
5. Add LocaleSwitcher in Footer

Tsc OK. Files: 22 new files, ~3400 lines.
andrei1000z added a commit that referenced this pull request Jun 6, 2026

…rofiles

Audit P0 #1 + #2 — the last 2 Upstash holdouts (billing suspended).

#1 vision-routing.ts: the vision cache (7 days) migrated @upstash/redis → D1 (analyticsD1 get/set JSON). Without it, every photo = an expensive Groq Vision call.

#2 hidden-users.ts: the "hide name" flag read/wrote Upstash SETs (smismember on a dead account = silent fail → the names of users who opted for anonymity showed up in comments). The SOURCE OF TRUTH is profiles.hide_name (migration 015) — we now read/write profiles directly via the admin client. In-memory fallback for dev/test (no service key). getHiddenEmails → no-op (profiles has no email column + the feed no longer calls it). Zero data loss.

=> ZERO Upstash dependency in the code (rate-limit/cache/analytics/budget were already on D1). The Upstash account can be safely cancelled.

NB audit: #3 (BCC) = false positive (BCC is private, it does not leak to TO); #4 (webhook HMAC) already implemented (just set RESEND_WEBHOOK_SECRET); #6 (50k indexes) premature (the feed has 62 rows).

Verified: tsc clean, 491 tests.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
andrei1000z added a commit that referenced this pull request Jul 2, 2026

… + matching + states + AI resilience)

SECURITY
- BLOCKER #1: auto-apply took its trust from the spoofable From + the DKIM/DMARC gate was optional → anyone could forge office@primarie.ro + a PUBLIC code and mark another citizen's report. Auto-apply now requires PROOF: token/threading match (secret) OR aligned DKIM/DMARC (authenticity.auth_aligned)
- #20/#22 worker: we keep the FIRST occurrence of Authentication-Results (Cloudflare's), not the last → the attacker can no longer inject a fake A-R lower down in the message
- #19: scoreAiAuthenticity uses the groqText cascade (not raw Groq) → a 429 no longer collapses to 50 (which blocked auto-apply for real gov senders)

MATCHING
- #6 guard N3: code from a weak source without corroboration (domain/robust source) → medium, not high; a code that links a report that was never sent/created after the reply → is not linked
- #8 N4: 180-day window + order + server-side limit (no longer hit the 1000 cap)
- #25/#32 extract-code: removed the regex that caught the first token of any third-party Message-ID; registration number 12345/2026 is no longer mistaken for a code
- #26: content_score medium only on a strict winner (no arbitrary tie)

STATES
- #11/#13: ignorat (administrative marker) no longer swallows real replies — any reply status supersedes it
- #12: lateral moves within the active tier (in-lucru->interventie) = progress, not a drop
- #29: redirectionata can supersede inregistrata (redirect after registration)
- #30 auto-status: no longer marks never-sent reports as ignorat (removed nou); times from sent_at, not created_at

NOTIFICATIONS
- #5: the push reflects the status ACTUALLY applied, not the classification (no more false Rezolvată)
- #7: push only on a high-confidence match (medium could notify another citizen = PII)
- #15: auto_applied=true only when a status is actually applied (does not slip out of the digest)

AI RESILIENCE
- #27: the cascade no longer dies if GROQ_API_KEY is missing (skips to Gemini/CF)
- #10: internal timeout on callGemini (18s) + on the PDF SDK (25s)
- #9: a scanned PDF with an empty Gemini result falls back to Groq/CF vision (does not give up)

WORKER
- #3/#17/#18: soft filters (noreply@/Auto-Submitted/Precedence/List-Id) no longer drop registration confirmations — bypass when they look like an authority reply
- #33: deterministic synthetic Message-ID for emails without one → dedup on retry
- #24: transient insert error → retry (dedup-safe), not silent loss
- #28/#31: received_at/official_response_at = the email's time, not the processing time

+14 new tests (computeStatusUpdate ignorat/lateral/redirect, extract-code guards, matchReply N3). worker v4.3.0. 1161 tests, tsc 0, eslint 0.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
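An added TypeScript example (not the project's worker code) of the two SECURITY rules in the commit message above: trust only the topmost Authentication-Results header, and auto-apply only on a secret token match or aligned DKIM/DMARC. `TRUSTED_AUTHSERV`, the function names and the `.example` messages are assumptions.

```typescript
// Added example: NOT the project's worker code. TRUSTED_AUTHSERV, the function names and
// the sample messages are assumptions; only the rule itself comes from the commit message.

const TRUSTED_AUTHSERV = "mx.cloudflare.net"; // assumed authserv-id stamped by the receiving MTA

// Header block only (text before the first blank line), unfolded, in wire order.
function parseHeaders(raw: string): Array<[string, string]> {
  const head = raw.split(/\r?\n\r?\n/)[0] || "";
  const out: Array<[string, string]> = [];
  for (const line of head.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i > 0) out.push([line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim()]);
  }
  return out;
}

// True only when the topmost Authentication-Results was written by our own MTA and it
// vouches for the exact From domain (strict alignment; relaxed alignment needs the PSL).
function authAligned(raw: string): boolean {
  const headers = parseHeaders(raw);
  const froms = headers.filter(h => h[0] === "from");
  // Receivers prepend their header, so the first one is ours; lower ones came with the message.
  const first = headers.filter(h => h[0] === "authentication-results")[0];
  if (froms.length !== 1 || !first) return false; // duplicate From headers are rejected
  const m = /@([a-z0-9.-]+)>?\s*$/.exec(froms[0][1].toLowerCase());
  const parts = first[1].toLowerCase().split(";");
  if (!m || parts[0].trim().split(/\s+/)[0] !== TRUSTED_AUTHSERV) return false;
  for (const part of parts.slice(1)) {
    const hit = /^\s*(?:dkim=pass\b.*\bheader\.d=|dmarc=pass\b.*\bheader\.from=)([a-z0-9.-]+)/.exec(part);
    if (hit && hit[1] === m[1]) return true;
  }
  return false;
}

// Auto-apply gate from the commit message: secret token/threading match OR aligned auth.
function canAutoApply(tokenMatch: boolean, raw: string): boolean {
  return tokenMatch || authAligned(raw);
}

// Constructed messages. SPOOFED carries a forged A-R below the one added on receipt.
const FROM = "From: Primaria <office@primarie.example>";
const GENUINE = [
  "Authentication-Results: mx.cloudflare.net; dkim=pass header.d=primarie.example; dmarc=pass header.from=primarie.example",
  FROM, "Subject: Re: sesizare", "", "Inregistrat.",
].join("\r\n");
const SPOOFED = [
  "Authentication-Results: mx.cloudflare.net; dkim=none; dmarc=fail header.from=primarie.example",
  "Authentication-Results: mx.cloudflare.net; dkim=pass header.d=primarie.example",
  FROM, "Subject: Re: sesizare", "", "Rezolvat.",
].join("\r\n");
```

A parser that kept the last Authentication-Results header would accept `SPOOFED`; `authAligned(SPOOFED)` returns `false` because only the first header is read.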
Bumps actions/github-script from 7 to 9.
Release notes
Sourced from actions/github-script's releases.
... (truncated)
Commits
- 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
- ca10bbd fix: use @octokit/core/types import for v7 compatibility
- 86e48e2 merge: incorporate main branch changes
- c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
- afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
- ff8117e ci: fix user-agent test to handle orchestration ID
- 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
- 3953caf docs: update README examples from @v8 to @v9, add getOctokit docs and v9 brea...
- c17d55b ci: add getOctokit integration test job
- a047196 test: add getOctokit integration tests via callAsyncFunction

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)