chore: update dependencies in package.json

* Potential fix for code scanning alert no. 4: Cache Poisoning via execution of untrusted code

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* chore: auto-fix linting and formatting issues

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

.github/workflows/Deploy.yml

@@ -1,4 +1,6 @@
 name: Build and push Docker image
+permissions:
+  contents: read
 
 on:
   push:

.github/workflows/auto-fix-lint-format-commit.yml

@@ -1,7 +1,10 @@
 name: Auto Fix Lint and Format
+permissions:
+  contents: read
+  pull-requests: write
 
 on:
-  pull_request_target:
+  pull_request:
     types: [opened, synchronize]
 
 jobs:

auth.ts

@@ -1,12 +1,12 @@
 import getEnv from "@/lib/env-entry"
-import CryptoJS from "crypto-js"
+import bcrypt from "bcrypt"
 import NextAuth from "next-auth"
 import CredentialsProvider from "next-auth/providers/credentials"
 
 export const { handlers, signIn, signOut, auth } = NextAuth({
   secret:
     process.env.AUTH_SECRET ??
-    CryptoJS.MD5(`this_is_nezha_dash_web_secret_${getEnv("SitePassword")}`).toString(),
+    bcrypt.hashSync(`this_is_nezha_dash_web_secret_${getEnv("SitePassword")}`, 10),
   trustHost: (process.env.AUTH_TRUST_HOST as boolean | undefined) ?? true,
   providers: [
     CredentialsProvider({

package.json

@@ -26,10 +26,12 @@
     "@radix-ui/react-switch": "^1.1.3",
     "@radix-ui/react-tooltip": "^1.1.8",
     "@trivago/prettier-plugin-sort-imports": "^5.2.2",
+    "@types/bcrypt": "^5.0.2",
     "@types/crypto-js": "^4.2.2",
     "@types/d3-geo": "^3.1.0",
     "@types/luxon": "^3.4.2",
     "babel-plugin-react-compiler": "^19.0.0-beta-e552027-20250112",
+    "bcrypt": "^5.1.1",
     "caniuse-lite": "^1.0.30001707",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
@@ -43,9 +45,9 @@
     "lucide-react": "^0.474.0",
     "luxon": "^3.5.0",
     "maxmind": "^4.3.24",
-    "next": "^15.2.3",
+    "next": "^15.2.4",
     "next-auth": "^5.0.0-beta.25",
-    "next-intl": "^3.26.5",
+    "next-intl": "^4.0.2",
     "next-runtime-env": "^3.2.2",
     "next-themes": "^0.4.6",
     "react": "^19.0.0",
@@ -56,20 +58,20 @@
     "recharts": "^2.15.1",
     "sharp": "^0.33.5",
     "swr": "^2.3.3",
-    "tailwind-merge": "^2.6.0",
+    "tailwind-merge": "^3.0.2",
     "tailwindcss-animate": "^1.0.7"
   },
   "devDependencies": {
     "@biomejs/biome": "1.9.4",
-    "@next/bundle-analyzer": "^15.2.3",
+    "@next/bundle-analyzer": "^15.2.4",
     "@tailwindcss/postcss": "^4.0.15",
-    "@types/node": "^22.13.11",
+    "@types/node": "^22.13.13",
     "@types/react": "^19.0.12",
     "@types/react-dom": "^19.0.4",
     "postcss": "^8.5.3",
     "tailwindcss": "^4.0.15",
     "typescript": "^5.8.2",
-    "vercel": "^39.4.2"
+    "vercel": "^41.4.1"
   },
   "overrides": {
     "react-is": "^19.0.0-rc-69d4b800-20241021"