
fix(security): xlsx CVE bump and bundled security hardening #4481

Merged
waleedlatif1 merged 7 commits into staging from waleedlatif1/fix-xlsx-cve on May 6, 2026

Conversation

@waleedlatif1
Collaborator

Summary

  • bump xlsx to 0.20.3 (CDN tarball) to address CVE-2023-30533 (prototype pollution) and CVE-2024-22363 (ReDoS)
  • enforce workspace boundary on workspace-scoped API keys for /api/v1/workflows, /api/v1/workflows/[id], /api/v1/logs, /api/v1/logs/[id], /api/v1/logs/executions/[executionId]
  • add CSRF state protection to Trello OAuth (authorize, callback, store) — httpOnly cookie binding, JS-escaped state injection, required state on store body
  • close DNS-rebinding window in agiloft tools by pinning resolved IP across login/op/logout via secureFetchWithPinnedIP
  • block workflowId repointing on chat/manage/[id] PATCH to prevent privilege escalation through chat deployments
  • verify Stripe webhook signatures via constructEvent (constant-time HMAC + timestamp tolerance)
  • harden microsoft-dataverse and grafana tool fetches with secureFetchWithValidation for SSRF
  • add validateAgiloftInstanceUrl shared validator

Type of Change

  • Bug fix

Testing

Tested manually. bun run check:api-validation and lint pass.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel Bot commented May 6, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: docs | Deployment: Ready | Actions: Preview, Comment | Updated (UTC): May 6, 2026 11:22pm


@cursor

cursor Bot commented May 6, 2026

PR Summary

Medium Risk
Touches security-critical paths (OAuth state handling, Stripe webhook auth, and workspace authorization for v1 APIs) and changes third-party dependencies (notably xlsx), so regressions could impact integrations or API access behavior.

Overview
Security hardening across integrations and v1 APIs. Trello OAuth now uses a short-lived httpOnly state cookie bound to the callback/store flow (and requires state in the store payload), plus safer JS string injection and explicit failure redirects.

Authorization boundaries tightened. v1 logs/workflows endpoints stop relying on SQL joins for permissions and instead enforce workspace access and workspace-scoped API key boundaries via validateWorkspaceAccess/checkWorkspaceScope, returning 404s on unauthorized access for some resources; chat/manage/[id] now rejects attempts to repoint workflowId.

Request validation + dependency hygiene. Dataverse file upload switches to secureFetchWithValidation for SSRF protection; Stripe webhook handling adds signature verification (Stripe.webhooks.constructEvent). Dependencies are updated (including xlsx via the SheetJS CDN tarball and bumps to nodemailer, js-yaml, @modelcontextprotocol/sdk), and the scripts folder is moved into the Bun workspace with local lockfiles removed and docs updated.

Reviewed by Cursor Bugbot for commit d3dc1d7.

@greptile-apps
Contributor

greptile-apps Bot commented May 6, 2026

Greptile Summary

This PR applies a broad security hardening pass across several subsystems: CSRF state protection for Trello OAuth, Stripe webhook HMAC verification, SSRF guards on Microsoft Dataverse fetches, workspace-boundary enforcement on v1 API endpoints, and a workflowId repointing block on chat deployments. The xlsx dependency is also bumped to 0.20.3 (CDN tarball) to address prototype-pollution and ReDoS CVEs.

  • Trello CSRF: A 32-char random state is generated on authorize, bound to an httpOnly SameSite=lax cookie, embedded in the callback page via escapeForJsString, and re-verified in store before token persistence — cookie cleared on both success and failure.
  • API v1 workspace scope: validateWorkspaceAccess centralises checkWorkspaceScope + getUserEntityPermissions and is wired into all five affected endpoints; detail endpoints that previously used a permissions innerJoin now do a post-fetch access check, returning 404 on denial.
  • Stripe / Dataverse / chat: Stripe.webhooks.constructEvent (static, no API key) handles constant-time HMAC; secureFetchWithValidation adds DNS-pinned SSRF protection to Dataverse uploads; PATCH on chat/manage/[id] hard-rejects any attempt to remap workflowId.

Confidence Score: 5/5

Safe to merge — all new security mechanisms are correctly implemented and the existing test surface is unaffected.

Each hardening change is self-contained and well-scoped: the Trello CSRF flow correctly binds state to an httpOnly cookie and clears it on completion, the Stripe HMAC path uses the static SDK method without any key coupling, workspace-scope enforcement is centralised in a single middleware helper reused consistently across all five endpoints, and the Dataverse SSRF guard leverages the existing DNS-pinning infrastructure.

The three Trello route files each define TRELLO_STATE_COOKIE and TRELLO_STATE_COOKIE_PATH independently — a future rename in one file without updating the others would silently break CSRF protection.

Security Review

  • xlsx supply chain: xlsx is now pulled from cdn.sheetjs.com rather than the npm registry. The bun.lock hash pins the tarball content, but npm audit / bun audit will not scan this package for future advisories.
  • No secrets, credentials, or tokens are logged or leaked in the new code paths.
  • Trello CSRF implementation is sound: httpOnly cookie, SameSite=lax, JS-escaped state, single-use token cleared on both success and error.
  • Stripe verifyAuth correctly uses the static Stripe.webhooks.constructEvent, avoiding API-key coupling.
  • secureFetchWithValidation resolves DNS before connecting and pins the IP, closing the TOCTOU rebinding window for Dataverse uploads.

Important Files Changed

apps/sim/app/api/auth/trello/authorize/route.ts
    Adds CSRF state generation: creates a 32-char state, appends it to the Trello return URL, and binds it to an httpOnly SameSite=lax cookie. Constants duplicated across the three Trello files.

apps/sim/app/api/auth/trello/callback/route.ts
    Validates query state matches httpOnly cookie before rendering the callback HTML page; uses escapeForJsString to safely embed the state into the inline fetch call sent to store.

apps/sim/app/api/auth/trello/store/route.ts
    Second leg of state check: validates the state in the POST body against the httpOnly cookie and clears the cookie on both success and failure paths.

apps/sim/app/api/chat/manage/[id]/route.ts
    Blocks workflowId repointing on PATCH, preventing privilege escalation through chat deployments.

apps/sim/lib/webhooks/providers/stripe.ts
    Adds verifyAuth using Stripe.webhooks.constructEvent (static, no API key required) for constant-time HMAC verification.

apps/sim/app/api/tools/microsoft-dataverse/upload-file/route.ts
    Replaces plain fetch with secureFetchWithValidation to add DNS resolution and SSRF protection for the Dataverse environment URL.

apps/sim/app/api/v1/logs/route.ts
    Adds checkWorkspaceScope to prevent workspace-scoped API keys from listing logs belonging to a different workspace.

apps/sim/app/api/v1/logs/[id]/route.ts
    Replaces the permissions innerJoin with a post-fetch validateWorkspaceAccess call; returns 404 on access failures.

apps/sim/app/api/v1/workflows/route.ts
    Replaces direct getUserEntityPermissions call with validateWorkspaceAccess for consistent workspace boundary enforcement.

apps/sim/package.json
    Bumps xlsx to 0.20.3 via CDN tarball and upgrades other dependencies; xlsx CDN URL bypasses npm audit scanning.

Reviews (4): Last reviewed commit: "fix(security): bump minimatch + clean up..."
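The three-leg state binding the review above describes (authorize sets it, callback re-checks and embeds it, store verifies and clears it), as an added example that is not the project's code: the cookie name, path and lifetime are assumptions standing in for the PR's TRELLO_STATE_COOKIE and TRELLO_STATE_COOKIE_PATH constants, and the escaping rule is one possible escapeForJsString, chosen so the value cannot close the inline script it is embedded in.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Assumed names; the PR defines these per route file (the duplication the review flags).
const STATE_COOKIE = "trello_oauth_state";
const STATE_COOKIE_PATH = "/api/auth/trello"; // scoped so only these routes ever receive it
const STATE_LENGTH = 32;

// Leg 1 (authorize): the same random state goes into the Trello return URL and the cookie.
function generateState(): string {
  // 24 random bytes encode to exactly 32 base64url characters (no padding).
  return randomBytes(24).toString("base64url");
}

function stateCookie(state: string, maxAgeSeconds = 600): string {
  return `${STATE_COOKIE}=${state}; Path=${STATE_COOKIE_PATH}; Max-Age=${maxAgeSeconds}; HttpOnly; SameSite=Lax; Secure`;
}

// Leg 3 (store) sends this on success and on failure, making the state single-use.
function clearStateCookie(): string {
  return `${STATE_COOKIE}=; Path=${STATE_COOKIE_PATH}; Max-Age=0; HttpOnly; SameSite=Lax; Secure`;
}

// Leg 2 (callback): the state is interpolated into a JS string literal inside an inline
// <script>, so escape quotes, backslashes, line terminators and also "<" / ">" so that
// a value containing "</script>" cannot terminate the script element.
function escapeForJsString(value: string): string {
  return value.replace(/[\\"'<>\u2028\u2029\n\r]/g, (c) => {
    const hex = c.charCodeAt(0).toString(16);
    return "\\u" + ("0000" + hex).slice(-4);
  });
}

function readCookie(cookieHeader: string | null, name: string): string | null {
  for (const part of (cookieHeader ?? "").split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return rest.join("=");
  }
  return null;
}

// Legs 2 and 3: the presented state (query param, then POST body) must equal the cookie-bound one.
function verifyState(presented: string | null, cookieHeader: string | null): boolean {
  const bound = readCookie(cookieHeader, STATE_COOKIE);
  if (!presented || !bound) return false;
  const a = Buffer.from(presented);
  const b = Buffer.from(bound);
  if (a.length !== STATE_LENGTH || b.length !== STATE_LENGTH) return false;
  return timingSafeEqual(a, b); // lengths checked above, so this cannot throw
}
```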

Comment thread apps/sim/lib/webhooks/providers/stripe.ts Outdated
Avoids leaving a recognisable placeholder string in heap dumps and
error serialisations. Webhook verification remains a purely local
HMAC operation; the SDK's constructor key is unused by it.

Addresses Greptile feedback on #4481.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Avoids instantiating a Stripe client just to access constructEvent.
The webhook signing secret is per-trigger (user-provided whsec_…) and
unrelated to our billing STRIPE_SECRET_KEY, so coupling them was wrong.
Stripe.webhooks is exposed as a static — no client, no API key needed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/sim/app/api/v1/logs/[id]/route.ts Outdated
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/sim/lib/core/security/input-validation.ts Outdated
Resolves CVE-2026-27903 (GHSA-7r86-cg39-jmmj) by adding a root-level
minimatch ^10.2.5 override. Also resolves CVE-2026-0969 in next-mdx-remote
(bumped to ^6.0.0).

Cleanup:
- Make scripts/ a proper bun workspace (root workspaces array)
- Remove duplicate scripts/package-lock.json (this repo uses bun)
- Remove redundant scripts/bun.lock (now hoisted to root)
- Remove vestigial scripts/setup-doc-generator.sh
- Slim scripts/package.json to its real deps (glob, yaml)
- Gitignore stray package-lock.json files
- Update scripts/README.md

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review


@cursor cursor Bot left a comment


✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit d3dc1d7.

@waleedlatif1 waleedlatif1 merged commit 7953c56 into staging May 6, 2026
14 checks passed
@waleedlatif1 waleedlatif1 deleted the waleedlatif1/fix-xlsx-cve branch May 6, 2026 23:36
waleedlatif1 added a commit that referenced this pull request May 7, 2026
* fix(security): xlsx CVE bump and bundled security hardening

* fix(stripe): use configured secret key for SDK init

Avoids leaving a recognisable placeholder string in heap dumps and
error serialisations. Webhook verification remains a purely local
HMAC operation; the SDK's constructor key is unused by it.

Addresses Greptile feedback on #4481.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(stripe): use static Stripe.webhooks for verification

Avoids instantiating a Stripe client just to access constructEvent.
The webhook signing secret is per-trigger (user-provided whsec_…) and
unrelated to our billing STRIPE_SECRET_KEY, so coupling them was wrong.
Stripe.webhooks is exposed as a static — no client, no API key needed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(ci): revert client-bundled tools to avoid .server import in client

* fix(security): collapse 403 to 404 on v1 detail-by-ID routes

* chore(security): remove unused validateAgiloftInstanceUrl helper

* fix(security): bump minimatch + clean up scripts/ workspace

Resolves CVE-2026-27903 (GHSA-7r86-cg39-jmmj) by adding a root-level
minimatch ^10.2.5 override. Also resolves CVE-2026-0969 in next-mdx-remote
(bumped to ^6.0.0).

Cleanup:
- Make scripts/ a proper bun workspace (root workspaces array)
- Remove duplicate scripts/package-lock.json (this repo uses bun)
- Remove redundant scripts/bun.lock (now hoisted to root)
- Remove vestigial scripts/setup-doc-generator.sh
- Slim scripts/package.json to its real deps (glob, yaml)
- Gitignore stray package-lock.json files
- Update scripts/README.md

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>