Update static analysis workflows and server configuration

- Updated .github/codeql/codeql-config.yml for refined code scanning setup
- Updated .github/workflows/static-analysis.yml to improve CI static analysis
- Updated package.json and package-lock.json with dependency changes
- Modified server/index.js for backend adjustments and stability improvements

Author: MStarRobotics

.github/codeql/codeql-config.yml

@@ -1,11 +1,32 @@
-## CodeQL default setup configuration (compatible with default setup)
-## Note: Default setup only supports 'paths-ignore'. Any additional keys
-## like 'queries', 'paths', or 'packs' would be treated as an advanced
-## configuration and will cause the "advanced configurations cannot be
-## processed" error. Keep this file minimal.
+name: "CodeQL Configuration"
+
+# Exclude server and scripts directories from JavaScript analysis
+# These directories are Node.js backend code and don't follow the same
+# patterns as the frontend TypeScript/React code
 
 paths-ignore:
   - 'server/**'
   - 'scripts/**'
   - 'dist/**'
   - 'node_modules/**'
+
+# Only analyze source code directories
+paths:
+  - '**/*.ts'
+  - '**/*.tsx'
+  - '**/*.js'
+  - '**/*.jsx'
+
+# Exclude test and configuration files
+exclude:
+  - '**/*.test.ts'
+  - '**/*.test.tsx'
+  - '**/*.spec.ts'
+  - '**/*.spec.tsx'
+  - '**/*.config.js'
+  - '**/*.config.mjs'
+  - '**/*.config.ts'
+
+# Query suite configuration
+queries:
+  - uses: security-and-quality

.github/workflows/static-analysis.yml

@@ -27,19 +27,27 @@ jobs:
           node-version: 20
           cache: 'npm'
 
-      # yamllint disable-line rule:line-length
       - name: Create CI .env
+        env:
+          VITE_FIREBASE_API_KEY: ${{ secrets.VITE_FIREBASE_API_KEY }}
+          VITE_FIREBASE_AUTH_DOMAIN: ${{ secrets.VITE_FIREBASE_AUTH_DOMAIN }}
+          VITE_FIREBASE_PROJECT_ID: ${{ secrets.VITE_FIREBASE_PROJECT_ID }}
+          VITE_FIREBASE_STORAGE_BUCKET: ${{ secrets.VITE_FIREBASE_STORAGE_BUCKET }}
+          VITE_FIREBASE_MESSAGING_SENDER_ID: ${{ secrets.VITE_FIREBASE_MESSAGING_SENDER_ID }}
+          VITE_FIREBASE_APP_ID: ${{ secrets.VITE_FIREBASE_APP_ID }}
+          VITE_FIREBASE_MEASUREMENT_ID: ${{ secrets.VITE_FIREBASE_MEASUREMENT_ID }}
+          VITE_GEMINI_API_KEY: ${{ secrets.VITE_GEMINI_API_KEY }}
         run: |
-          cat <<'ENVEOF' > .env
-          VITE_FIREBASE_API_KEY=${{ secrets.VITE_FIREBASE_API_KEY }}
-          VITE_FIREBASE_AUTH_DOMAIN=${{ secrets.VITE_FIREBASE_AUTH_DOMAIN }}
-          VITE_FIREBASE_PROJECT_ID=${{ secrets.VITE_FIREBASE_PROJECT_ID }}
-          VITE_FIREBASE_STORAGE_BUCKET=${{ secrets.VITE_FIREBASE_STORAGE_BUCKET }}
-          VITE_FIREBASE_MESSAGING_SENDER_ID=${{ secrets.VITE_FIREBASE_MESSAGING_SENDER_ID }}
-          VITE_FIREBASE_APP_ID=${{ secrets.VITE_FIREBASE_APP_ID }}
-          VITE_FIREBASE_MEASUREMENT_ID=${{ secrets.VITE_FIREBASE_MEASUREMENT_ID }}
-          VITE_GEMINI_API_KEY=${{ secrets.VITE_GEMINI_API_KEY }}
-          ENVEOF
+          {
+            echo "VITE_FIREBASE_API_KEY=$VITE_FIREBASE_API_KEY"
+            echo "VITE_FIREBASE_AUTH_DOMAIN=$VITE_FIREBASE_AUTH_DOMAIN"
+            echo "VITE_FIREBASE_PROJECT_ID=$VITE_FIREBASE_PROJECT_ID"
+            echo "VITE_FIREBASE_STORAGE_BUCKET=$VITE_FIREBASE_STORAGE_BUCKET"
+            echo "VITE_FIREBASE_MESSAGING_SENDER_ID=$VITE_FIREBASE_MESSAGING_SENDER_ID"
+            echo "VITE_FIREBASE_APP_ID=$VITE_FIREBASE_APP_ID"
+            echo "VITE_FIREBASE_MEASUREMENT_ID=$VITE_FIREBASE_MEASUREMENT_ID"
+            echo "VITE_GEMINI_API_KEY=$VITE_GEMINI_API_KEY"
+          } > .env
 
       - name: Install dependencies
         run: npm install