fix(security): raise password minimum to 12 chars, hide raw error messages, add audit script

- Password validation: min(8) → min(12) across auth.ts, user-procedure-support.ts, and invite.ts (aligns with NIST SP 800-63B modern recommendations) - Error boundary: stop rendering raw error.message which could leak internal details; always show the generic fallback text - Add `pnpm audit` script (--audit-level=high) for dependency vulnerability scanning Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-09 21:48:51 +02:00
parent 20fb39fd05
commit 97cfd0ed90
5 changed files with 6 additions and 5 deletions
@@ -34,7 +34,7 @@ export default function AppError({
        Something went wrong
      </h2>
      <p className="text-sm text-gray-500 dark:text-gray-400 mb-6 max-w-sm">
-        {error.message || "An unexpected error occurred. The team has been notified."}
+        {"An unexpected error occurred. The team has been notified."}
      </p>
      {error.digest && (
        <p className="text-xs text-gray-400 dark:text-gray-500 mb-4 font-mono">