fix: patch transitive and direct dependency security vulnerabilities for 4.9

Updates direct dependencies with known CVEs and adds/tightens pnpm overrides
for transitive dependencies that cannot be updated directly.

Direct updates:
- next: 16.1.7 → 16.2.6 (middleware bypass, SSRF, DoS, XSS CVEs)
- lodash: 4.17.23 → 4.18.1 (code injection via template CVE-2025-62616)
- nodemailer: 8.0.2 → 8.0.7 (SMTP injection CVEs)
- uuid: 13.0.0 → 13.0.2 (buffer bounds check CVE)
- postcss: 8.5.8 → 8.5.14 (XSS via unescaped </style> CVE-2025-62695)
- @opentelemetry suite: 0.213.0 → 0.217.0 / 2.6.0 → 2.7.1

Override additions/updates:
- protobufjs@7: 7.5.8, protobufjs@8: 8.2.0 (GHSA-xq3m-2v4x-88gg arbitrary code execution)
- @protobufjs/utf8: 1.1.1 (overlong UTF-8 CVE)
- vite@7: 7.3.3, vite@8: 8.0.12 (GHSA-v2wj-q39q-566r fs.deny bypass, GHSA-p9ff-h696-f583 file read)
- node-forge: 1.4.0 (multiple signature forgery / DoS CVEs)
- defu: 6.1.7 (prototype pollution CVE-2025-62629)
- brace-expansion@1/2/5: patched (ReDoS CVE-2025-67313)
- picomatch@2/4: patched (ReDoS CVE-2025-60538/63394)
- dompurify: 3.4.2 (XSS CVE-2025-26791)
- ip-address: 10.1.1 (ReDoS CVE-2025-62629)
- fast-uri: 3.1.2 (CVE-2025-48944/48945)
- fast-xml-parser: 5.7.0 (multiple CVEs)
- yaml: 2.8.3 (CVE-2025-63675)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/actions.ts

@@ -6,11 +6,9 @@ import {
   TUserUpdateInput,
   ZUserPersonalInfoUpdateInput,
 } from "@formbricks/types/user";
-import {
-  getIsEmailUnique,
-  verifyUserPassword,
-} from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
+import { getIsEmailUnique } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
 import { EMAIL_VERIFICATION_DISABLED, PASSWORD_RESET_DISABLED } from "@/lib/constants";
+import { verifyUserPassword } from "@/lib/user/password";
 import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.test.ts

@@ -1,8 +1,9 @@
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { verifyUserPassword } from "@/lib/user/password";
 import { verifyPassword as mockVerifyPasswordImported } from "@/modules/auth/lib/utils";
-import { getIsEmailUnique, verifyUserPassword } from "./user";
+import { getIsEmailUnique } from "./user";
 
 vi.mock("@/modules/auth/lib/utils", () => ({
   verifyPassword: vi.fn(),

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.ts

@@ -1,42 +1,5 @@
-import { User } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
-import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { verifyPassword } from "@/modules/auth/lib/utils";
-
-export const getUserById = reactCache(
-  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> => {
-    const user = await prisma.user.findUnique({
-      where: {
-        id: userId,
-      },
-      select: {
-        password: true,
-        identityProvider: true,
-      },
-    });
-    if (!user) {
-      throw new ResourceNotFoundError("user", userId);
-    }
-    return user;
-  }
-);
-
-export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
-  const user = await getUserById(userId);
-
-  if (user.identityProvider !== "email" || !user.password) {
-    throw new InvalidInputError("Password is not set for this user");
-  }
-
-  const isCorrectPassword = await verifyPassword(password, user.password);
-
-  if (!isCorrectPassword) {
-    return false;
-  }
-
-  return true;
-};
 
 export const getIsEmailUnique = reactCache(async (email: string): Promise<boolean> => {
   const user = await prisma.user.findUnique({

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AirtableWrapper.tsx

@@ -18,6 +18,7 @@ interface AirtableWrapperProps {
   isEnabled: boolean;
   webAppUrl: string;
   locale: TUserLocale;
+  showReconnectButton?: boolean;
 }
 
 export const AirtableWrapper = ({
@@ -28,6 +29,7 @@ export const AirtableWrapper = ({
   isEnabled,
   webAppUrl,
   locale,
+  showReconnectButton = false,
 }: AirtableWrapperProps) => {
   const [isConnected, setIsConnected] = useState(
     airtableIntegration ? airtableIntegration.config?.key : false
@@ -49,6 +51,8 @@ export const AirtableWrapper = ({
       setIsConnected={setIsConnected}
       surveys={surveys}
       locale={locale}
+      showReconnectButton={showReconnectButton}
+      handleAirtableAuthorization={handleAirtableAuthorization}
     />
   ) : (
     <ConnectIntegration

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/ManageIntegration.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { Trash2Icon } from "lucide-react";
+import { RefreshCcwIcon, Trash2Icon } from "lucide-react";
 import { useState } from "react";
 import { toast } from "react-hot-toast";
 import { useTranslation } from "react-i18next";
@@ -12,9 +12,11 @@ import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId
 import { AddIntegrationModal } from "@/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AddIntegrationModal";
 import { timeSince } from "@/lib/time";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { Alert, AlertButton, AlertDescription } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import { EmptyState } from "@/modules/ui/components/empty-state";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 import { IntegrationModalInputs } from "../lib/types";
 
 interface ManageIntegrationProps {
@@ -24,10 +26,20 @@ interface ManageIntegrationProps {
   surveys: TSurvey[];
   airtableArray: TIntegrationItem[];
   locale: TUserLocale;
+  showReconnectButton: boolean;
+  handleAirtableAuthorization: () => Promise<void>;
 }
 
-export const ManageIntegration = (props: ManageIntegrationProps) => {
-  const { airtableIntegration, environmentId, setIsConnected, surveys, airtableArray } = props;
+export const ManageIntegration = ({
+  airtableIntegration,
+  environmentId,
+  setIsConnected,
+  surveys,
+  airtableArray,
+  showReconnectButton,
+  handleAirtableAuthorization,
+  locale,
+}: ManageIntegrationProps) => {
   const { t } = useTranslation();
 
   const tableHeaders = [
@@ -73,15 +85,34 @@ export const ManageIntegration = (props: ManageIntegrationProps) => {
     : { isEditMode: false as const };
   return (
     <div className="mt-6 flex w-full flex-col items-center justify-center p-6">
-      <div className="flex w-full justify-end gap-x-6">
-        <div className="flex items-center">
+      {showReconnectButton && (
+        <Alert variant="warning" size="small" className="mb-4 w-full">
+          <AlertDescription>{t("environments.integrations.reconnect_button_description")}</AlertDescription>
+          <AlertButton onClick={handleAirtableAuthorization}>
+            {t("environments.integrations.reconnect_button")}
+          </AlertButton>
+        </Alert>
+      )}
+      <div className="flex w-full justify-end space-x-2">
+        <div className="mr-6 flex items-center">
           <span className="mr-4 h-4 w-4 rounded-full bg-green-600"></span>
-          <span className="cursor-pointer text-slate-500">
+          <span className="text-slate-500">
             {t("environments.integrations.connected_with_email", {
               email: airtableIntegration.config.email,
             })}
           </span>
         </div>
+        <TooltipProvider>
+          <Tooltip>
+            <TooltipTrigger asChild>
+              <Button variant="outline" onClick={handleAirtableAuthorization}>
+                <RefreshCcwIcon className="mr-2 h-4 w-4" />
+                {t("environments.integrations.reconnect_button")}
+              </Button>
+            </TooltipTrigger>
+            <TooltipContent>{t("environments.integrations.reconnect_button_tooltip")}</TooltipContent>
+          </Tooltip>
+        </TooltipProvider>
         <Button
           onClick={() => {
             setDefaultValues(null);
@@ -122,9 +153,7 @@ export const ManageIntegration = (props: ManageIntegrationProps) => {
               <div className="col-span-2 text-center">{data.surveyName}</div>
               <div className="col-span-2 text-center">{data.tableName}</div>
               <div className="col-span-2 text-center">{data.elements}</div>
-              <div className="col-span-2 text-center">
-                {timeSince(data.createdAt.toString(), props.locale)}
-              </div>
+              <div className="col-span-2 text-center">{timeSince(data.createdAt.toString(), locale)}</div>
             </button>
           ))}
         </div>

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/airtable/page.tsx

@@ -1,4 +1,5 @@
 import { redirect } from "next/navigation";
+import { logger } from "@formbricks/logger";
 import { TIntegrationItem } from "@formbricks/types/integration";
 import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
 import { AirtableWrapper } from "@/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AirtableWrapper";
@@ -31,8 +32,14 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
   );
 
   let airtableArray: TIntegrationItem[] = [];
+  let isTokenValid = true;
   if (airtableIntegration?.config.key) {
-    airtableArray = await getAirtableTables(params.environmentId);
+    try {
+      airtableArray = await getAirtableTables(params.environmentId);
+    } catch (error) {
+      logger.error(error, "Failed to load Airtable bases — token may be expired or revoked");
+      isTokenValid = false;
+    }
   }
   if (isReadOnly) {
     return redirect("./");
@@ -51,6 +58,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
           surveys={surveys}
           webAppUrl={WEBAPP_URL}
           locale={locale ?? DEFAULT_LOCALE}
+          showReconnectButton={!isTokenValid}
         />
       </div>
     </PageContentWrapper>

apps/web/app/api/(internal)/pipeline/route.ts

@@ -8,7 +8,7 @@ import { sendTelemetryEvents } from "@/app/api/(internal)/pipeline/lib/telemetry
 import { ZPipelineInput } from "@/app/api/(internal)/pipeline/types/pipelines";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { CRON_SECRET, POSTHOG_KEY } from "@/lib/constants";
+import { CRON_SECRET, DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS, POSTHOG_KEY } from "@/lib/constants";
 import { generateStandardWebhookSignature } from "@/lib/crypto";
 import { getIntegrations } from "@/lib/integration/service";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
@@ -91,10 +91,15 @@ export const POST = async (request: Request) => {
   const webhooks: Webhook[] = await getWebhooksForPipeline(environmentId, event, surveyId);
   // Prepare webhook and email promises
 
-  // Fetch with timeout of 5 seconds to prevent hanging
+  // Fetch with timeout of 5 seconds to prevent hanging.
+  // `redirect: "manual"` blocks SSRF via redirect — webhook URLs are validated against private/internal
+  // ranges before delivery, but redirect targets would otherwise bypass that check. Gated on the same
+  // env var as `validateWebhookUrl`: self-hosters who opted into trusting internal URLs also get the
+  // pre-patch redirect-follow behavior for consistency.
+  const redirectMode: RequestRedirect = DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS ? "follow" : "manual";
   const fetchWithTimeout = (url: string, options: RequestInit, timeout: number = 5000): Promise<Response> => {
     return Promise.race([
-      fetch(url, options),
+      fetch(url, { ...options, redirect: redirectMode }),
       new Promise<never>((_, reject) => setTimeout(() => reject(new Error("Timeout")), timeout)),
     ]);
   };

apps/web/app/api/v1/integrations/airtable/callback/route.ts

@@ -5,7 +5,7 @@ import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
 import { fetchAirtableAuthToken } from "@/lib/airtable/service";
 import { AIRTABLE_CLIENT_ID, WEBAPP_URL } from "@/lib/constants";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
-import { createOrUpdateIntegration } from "@/lib/integration/service";
+import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
 import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
 
@@ -78,12 +78,16 @@ export const GET = withV1ApiWrapper({
       }
       const email = await getEmail(key.access_token);
 
+      // Preserve existing integration data (survey-to-table mappings) when re-authorizing
+      const existingIntegration = await getIntegrationByType(environmentId, "airtable");
+      const existingData = existingIntegration?.config?.data ?? [];
+
       const airtableIntegrationInput = {
         type: "airtable" as "airtable",
         environment: environmentId,
         config: {
           key,
-          data: [],
+          data: existingData,
           email,
         },
       };

apps/web/app/api/v1/integrations/airtable/tables/route.ts

@@ -1,8 +1,7 @@
 import * as z from "zod";
-import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
 import { responses } from "@/app/lib/api/response";
 import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
-import { getTables } from "@/lib/airtable/service";
+import { getAirtableToken, getTables } from "@/lib/airtable/service";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { getIntegrationByType } from "@/lib/integration/service";
 
@@ -36,7 +35,7 @@ export const GET = withV1ApiWrapper({
       };
     }
 
-    const integration = (await getIntegrationByType(environmentId, "airtable")) as TIntegrationAirtable;
+    const integration = await getIntegrationByType(environmentId, "airtable");
 
     if (!integration) {
       return {
@@ -44,7 +43,12 @@ export const GET = withV1ApiWrapper({
       };
     }
 
-    const tables = await getTables(integration.config.key, baseId.data);
+    // Use getAirtableToken to ensure the access token is refreshed if expired
+    const freshAccessToken = await getAirtableToken(environmentId);
+    const tables = await getTables(
+      { ...integration.config.key, access_token: freshAccessToken },
+      baseId.data
+    );
     return {
       response: responses.successResponse(tables),
     };

apps/web/app/api/v1/management/me/route.test.ts

@@ -0,0 +1,178 @@
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { publicUserSelect } from "@/lib/user/public-user";
+import { GET } from "./route";
+
+const mocks = vi.hoisted(() => ({
+  headers: vi.fn(),
+  getSessionUser: vi.fn(),
+  parseApiKeyV2: vi.fn(),
+  hashSha256: vi.fn(),
+  verifySecret: vi.fn(),
+  applyRateLimit: vi.fn(),
+  notAuthenticatedResponse: vi.fn(
+    () => new Response(JSON.stringify({ message: "Not authenticated" }), { status: 401 })
+  ),
+  tooManyRequestsResponse: vi.fn(
+    (message: string) => new Response(JSON.stringify({ message }), { status: 429 })
+  ),
+  badRequestResponse: vi.fn((message: string) => new Response(JSON.stringify({ message }), { status: 400 })),
+}));
+
+vi.mock("next/headers", () => ({
+  headers: mocks.headers,
+}));
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    user: {
+      findUnique: vi.fn(),
+    },
+    apiKey: {
+      findUnique: vi.fn(),
+      findFirst: vi.fn(),
+      update: vi.fn(),
+    },
+  },
+}));
+
+vi.mock("@/app/api/v1/management/me/lib/utils", () => ({
+  getSessionUser: mocks.getSessionUser,
+}));
+
+vi.mock("@/app/lib/api/response", () => ({
+  responses: {
+    notAuthenticatedResponse: mocks.notAuthenticatedResponse,
+    tooManyRequestsResponse: mocks.tooManyRequestsResponse,
+    badRequestResponse: mocks.badRequestResponse,
+  },
+}));
+
+vi.mock("@/lib/crypto", () => ({
+  hashSha256: mocks.hashSha256,
+  parseApiKeyV2: mocks.parseApiKeyV2,
+  verifySecret: mocks.verifySecret,
+}));
+
+vi.mock("@/modules/core/rate-limit/helpers", () => ({
+  applyRateLimit: mocks.applyRateLimit,
+}));
+
+vi.mock("@/modules/core/rate-limit/rate-limit-configs", () => ({
+  rateLimitConfigs: {
+    api: {
+      v1: { windowMs: 60_000, max: 1000 },
+    },
+  },
+}));
+
+const getMockHeaders = (apiKey: string | null) => ({
+  get: (headerName: string) => (headerName === "x-api-key" ? apiKey : null),
+});
+
+describe("v1 management me route", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mocks.headers.mockResolvedValue(getMockHeaders(null));
+    mocks.getSessionUser.mockResolvedValue(undefined);
+    mocks.parseApiKeyV2.mockReturnValue(null);
+    mocks.hashSha256.mockReturnValue("hashed-api-key");
+    mocks.verifySecret.mockResolvedValue(false);
+    mocks.applyRateLimit.mockResolvedValue(undefined);
+  });
+
+  test("returns a sanitized authenticated user for session-based requests", async () => {
+    const publicUser = {
+      id: "user_123",
+      name: "Test User",
+      email: "test@example.com",
+      emailVerified: new Date("2025-04-17T20:11:54.947Z"),
+      createdAt: new Date("2025-04-17T20:09:14.021Z"),
+      updatedAt: new Date("2026-04-22T22:12:39.104Z"),
+      twoFactorEnabled: false,
+      identityProvider: "email" as const,
+      notificationSettings: {
+        alert: {},
+        unsubscribedOrganizationIds: [],
+      },
+      locale: "en-US" as const,
+      lastLoginAt: new Date("2026-04-22T22:12:39.104Z"),
+      isActive: true,
+    };
+
+    mocks.getSessionUser.mockResolvedValue({ id: publicUser.id });
+    vi.mocked(prisma.user.findUnique).mockResolvedValue(publicUser as never);
+
+    const response = await GET();
+    const responseBody = await response.json();
+
+    expect(response.status).toBe(200);
+    expect(responseBody).toStrictEqual(JSON.parse(JSON.stringify(publicUser)));
+    expect(responseBody).not.toHaveProperty("password");
+    expect(responseBody).not.toHaveProperty("twoFactorSecret");
+    expect(responseBody).not.toHaveProperty("backupCodes");
+    expect(responseBody).not.toHaveProperty("identityProviderAccountId");
+    expect(prisma.user.findUnique).toHaveBeenCalledWith({
+      where: { id: publicUser.id },
+      select: publicUserSelect,
+    });
+    expect(mocks.applyRateLimit).toHaveBeenCalledWith(expect.any(Object), publicUser.id);
+  });
+
+  test("returns the existing unauthenticated response when no session is present", async () => {
+    const response = await GET();
+    const responseBody = await response.json();
+
+    expect(response.status).toBe(401);
+    expect(responseBody).toEqual({ message: "Not authenticated" });
+    expect(mocks.notAuthenticatedResponse).toHaveBeenCalled();
+    expect(prisma.user.findUnique).not.toHaveBeenCalled();
+  });
+
+  test("preserves the API key response path", async () => {
+    const apiKeyData = {
+      id: "api_key_123",
+      organizationId: "org_123",
+      hashedKey: "stored-hash",
+      lastUsedAt: new Date(),
+      apiKeyEnvironments: [
+        {
+          permission: "manage",
+          environment: {
+            id: "env_123",
+            type: "development",
+            createdAt: new Date("2025-01-01T00:00:00.000Z"),
+            updatedAt: new Date("2025-01-02T00:00:00.000Z"),
+            projectId: "project_123",
+            appSetupCompleted: true,
+            project: {
+              id: "project_123",
+              name: "My Project",
+            },
+          },
+        },
+      ],
+    };
+
+    mocks.headers.mockResolvedValue(getMockHeaders("api-key"));
+    vi.mocked(prisma.apiKey.findFirst).mockResolvedValue(apiKeyData as never);
+
+    const response = await GET();
+    const responseBody = await response.json();
+
+    expect(response.status).toBe(200);
+    expect(responseBody).toStrictEqual({
+      id: "env_123",
+      type: "development",
+      createdAt: "2025-01-01T00:00:00.000Z",
+      updatedAt: "2025-01-02T00:00:00.000Z",
+      appSetupCompleted: true,
+      project: {
+        id: "project_123",
+        name: "My Project",
+      },
+    });
+    expect(mocks.getSessionUser).not.toHaveBeenCalled();
+    expect(mocks.applyRateLimit).toHaveBeenCalledWith(expect.any(Object), apiKeyData.id);
+  });
+});

apps/web/app/api/v1/management/me/route.ts

@@ -4,6 +4,7 @@ import { getSessionUser } from "@/app/api/v1/management/me/lib/utils";
 import { responses } from "@/app/lib/api/response";
 import { CONTROL_HASH } from "@/lib/constants";
 import { hashSha256, parseApiKeyV2, verifySecret } from "@/lib/crypto";
+import { publicUserSelect } from "@/lib/user/public-user";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";
 
@@ -176,6 +177,7 @@ const handleSessionAuthentication = async () => {
 
   const user = await prisma.user.findUnique({
     where: { id: sessionUser.id },
+    select: publicUserSelect,
   });
 
   return Response.json(user);

apps/web/i18n.lock

@@ -784,6 +784,9 @@ checksums:
     environments/integrations/notion/update_connection_tooltip: 2429919f575e47f5c76e54b4442ba706
     environments/integrations/notion_integration_description: 31a73dbe88fe18a078d6dc15f0c303e2
     environments/integrations/please_select_a_survey_error: 465aa7048773079c8ffdde8b333b78eb
+    environments/integrations/reconnect_button: 8992a0f250278c116cb26be448b68ba2
+    environments/integrations/reconnect_button_description: 01f79dc561ff87b5f2a80bf66e492844
+    environments/integrations/reconnect_button_tooltip: 5552effda9df8d6778dda1cf42e5d880
     environments/integrations/select_at_least_one_question_error: a3513cb02ab0de2a1531893ac0c7e089
     environments/integrations/slack/already_connected_another_survey: 4508f9e4a2915e3818ea5f9e2695e000
     environments/integrations/slack/channel_name: 1afcd1d0401850ff353f5ae27502b04a

apps/web/lib/airtable/service.ts

@@ -3,7 +3,6 @@ import { logger } from "@formbricks/logger";
 import { DatabaseError } from "@formbricks/types/errors";
 import { TIntegrationItem } from "@formbricks/types/integration";
 import {
-  TIntegrationAirtable,
   TIntegrationAirtableConfigData,
   TIntegrationAirtableCredential,
   ZIntegrationAirtableBases,
@@ -24,6 +23,11 @@ export const getBases = async (key: string) => {
     },
   });
 
+  if (!req.ok) {
+    const body = await req.text().catch(() => "");
+    throw new Error(`Airtable API error fetching bases: ${req.status} ${req.statusText} ${body}`);
+  }
+
   const res = await req.json();
   return ZIntegrationAirtableBases.parse(res);
 };
@@ -35,6 +39,11 @@ const tableFetcher = async (key: TIntegrationAirtableCredential, baseId: string)
     },
   });
 
+  if (!req.ok) {
+    const body = await req.text().catch(() => "");
+    throw new Error(`Airtable API error fetching tables: ${req.status} ${req.statusText} ${body}`);
+  }
+
   const res = await req.json();
 
   return res;
@@ -78,10 +87,7 @@ export const fetchAirtableAuthToken = async (formData: Record<string, any>) => {
 
 export const getAirtableToken = async (environmentId: string) => {
   try {
-    const airtableIntegration = (await getIntegrationByType(
-      environmentId,
-      "airtable"
-    )) as TIntegrationAirtable;
+    const airtableIntegration = await getIntegrationByType(environmentId, "airtable");
 
     const { access_token, expiry_date, refresh_token } = ZIntegrationAirtableCredential.parse(
       airtableIntegration?.config.key

apps/web/lib/integration/service.ts

@@ -5,7 +5,12 @@ import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
 import { ZId, ZOptionalNumber, ZString } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
-import { TIntegration, TIntegrationInput, ZIntegrationType } from "@formbricks/types/integration";
+import {
+  TIntegration,
+  TIntegrationByType,
+  TIntegrationInput,
+  ZIntegrationType,
+} from "@formbricks/types/integration";
 import { ITEMS_PER_PAGE } from "../constants";
 import { validateInputs } from "../utils/validate";
 
@@ -94,7 +99,10 @@ export const getIntegration = reactCache(async (integrationId: string): Promise<
 });
 
 export const getIntegrationByType = reactCache(
-  async (environmentId: string, type: TIntegrationInput["type"]): Promise<TIntegration | null> => {
+  async <T extends TIntegrationInput["type"]>(
+    environmentId: string,
+    type: T
+  ): Promise<TIntegrationByType<T> | null> => {
     validateInputs([environmentId, ZId], [type, ZIntegrationType]);
 
     try {
@@ -106,7 +114,7 @@ export const getIntegrationByType = reactCache(
           },
         },
       });
-      return integration ? transformIntegration(integration) : null;
+      return integration ? (transformIntegration(integration) as TIntegrationByType<T>) : null;
     } catch (error) {
       if (error instanceof Prisma.PrismaClientKnownRequestError) {
         throw new DatabaseError(error.message);

apps/web/lib/notion/service.ts

@@ -1,8 +1,4 @@
-import {
-  TIntegrationNotion,
-  TIntegrationNotionConfig,
-  TIntegrationNotionDatabase,
-} from "@formbricks/types/integration/notion";
+import { TIntegrationNotionConfig, TIntegrationNotionDatabase } from "@formbricks/types/integration/notion";
 import { ENCRYPTION_KEY } from "@/lib/constants";
 import { symmetricDecrypt } from "@/lib/crypto";
 import { getIntegrationByType } from "../integration/service";
@@ -29,7 +25,7 @@ const fetchPages = async (config: TIntegrationNotionConfig) => {
 export const getNotionDatabases = async (environmentId: string): Promise<TIntegrationNotionDatabase[]> => {
   let results: TIntegrationNotionDatabase[] = [];
   try {
-    const notionIntegration = (await getIntegrationByType(environmentId, "notion")) as TIntegrationNotion;
+    const notionIntegration = await getIntegrationByType(environmentId, "notion");
     if (notionIntegration && notionIntegration.config?.key.bot_id) {
       results = await fetchPages(notionIntegration.config);
     }

apps/web/lib/slack/service.ts

@@ -1,7 +1,7 @@
 import { Prisma } from "@prisma/client";
 import { DatabaseError, UnknownError } from "@formbricks/types/errors";
 import { TIntegration, TIntegrationItem } from "@formbricks/types/integration";
-import { TIntegrationSlack, TIntegrationSlackCredential } from "@formbricks/types/integration/slack";
+import { TIntegrationSlackCredential } from "@formbricks/types/integration/slack";
 import { SLACK_MESSAGE_LIMIT } from "../constants";
 import { deleteIntegration, getIntegrationByType } from "../integration/service";
 import { truncateText } from "../utils/strings";
@@ -58,7 +58,7 @@ export const fetchChannels = async (slackIntegration: TIntegration): Promise<TIn
 export const getSlackChannels = async (environmentId: string): Promise<TIntegrationItem[]> => {
   let channels: TIntegrationItem[] = [];
   try {
-    const slackIntegration = (await getIntegrationByType(environmentId, "slack")) as TIntegrationSlack;
+    const slackIntegration = await getIntegrationByType(environmentId, "slack");
     if (slackIntegration && slackIntegration.config?.key) {
       channels = await fetchChannels(slackIntegration);
     }

apps/web/lib/user/password.ts

@@ -0,0 +1,36 @@
+import "server-only";
+import { User } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { verifyPassword } from "@/modules/auth/lib/utils";
+
+const getUserAuthenticationData = reactCache(
+  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> => {
+    const user = await prisma.user.findUnique({
+      where: {
+        id: userId,
+      },
+      select: {
+        password: true,
+        identityProvider: true,
+      },
+    });
+
+    if (!user) {
+      throw new ResourceNotFoundError("user", userId);
+    }
+
+    return user;
+  }
+);
+
+export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
+  const user = await getUserAuthenticationData(userId);
+
+  if (user.identityProvider !== "email" || !user.password) {
+    throw new InvalidInputError("Password is not set for this user");
+  }
+
+  return await verifyPassword(password, user.password);
+};

apps/web/lib/user/public-user.ts

@@ -0,0 +1,20 @@
+import { Prisma } from "@prisma/client";
+
+export const publicUserSelect = {
+  id: true,
+  name: true,
+  email: true,
+  emailVerified: true,
+  createdAt: true,
+  updatedAt: true,
+  twoFactorEnabled: true,
+  identityProvider: true,
+  notificationSettings: true,
+  locale: true,
+  lastLoginAt: true,
+  isActive: true,
+} as const satisfies Prisma.UserSelect;
+
+export type TPublicUser = Prisma.UserGetPayload<{
+  select: typeof publicUserSelect;
+}>;

apps/web/lib/user/service.test.ts

@@ -6,6 +6,7 @@ import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUserLocale, TUserUpdateInput } from "@formbricks/types/user";
 import { deleteOrganization, getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
+import { publicUserSelect } from "./public-user";
 import { deleteUser, getUser, getUserByEmail, getUsersWithOrganization, updateUser } from "./service";
 
 vi.mock("@formbricks/database", () => ({
@@ -47,11 +48,6 @@ describe("User Service", () => {
     locale: "en-US" as TUserLocale,
     lastLoginAt: new Date(),
     isActive: true,
-    twoFactorSecret: null,
-    backupCodes: null,
-    password: null,
-    identityProviderAccountId: null,
-    groupId: null,
   };
 
   const mockOrganizations: TOrganization[] = [
@@ -102,8 +98,12 @@ describe("User Service", () => {
       expect(result).toEqual(mockPrismaUser);
       expect(prisma.user.findUnique).toHaveBeenCalledWith({
         where: { id: "user1" },
-        select: expect.any(Object),
+        select: publicUserSelect,
       });
+      expect(result).not.toHaveProperty("password");
+      expect(result).not.toHaveProperty("twoFactorSecret");
+      expect(result).not.toHaveProperty("backupCodes");
+      expect(result).not.toHaveProperty("identityProviderAccountId");
     });
 
     test("should return null when user not found", async () => {
@@ -134,7 +134,7 @@ describe("User Service", () => {
       expect(result).toEqual(mockPrismaUser);
       expect(prisma.user.findFirst).toHaveBeenCalledWith({
         where: { email: "test@example.com" },
-        select: expect.any(Object),
+        select: publicUserSelect,
       });
     });
 
@@ -176,7 +176,7 @@ describe("User Service", () => {
       expect(prisma.user.update).toHaveBeenCalledWith({
         where: { id: "user1" },
         data: updateData,
-        select: expect.any(Object),
+        select: publicUserSelect,
       });
     });
 
@@ -204,7 +204,7 @@ describe("User Service", () => {
       expect(deleteOrganization).toHaveBeenCalledWith("org1");
       expect(prisma.user.delete).toHaveBeenCalledWith({
         where: { id: "user1" },
-        select: expect.any(Object),
+        select: publicUserSelect,
       });
     });
 
@@ -236,7 +236,7 @@ describe("User Service", () => {
             },
           },
         },
-        select: expect.any(Object),
+        select: publicUserSelect,
       });
     });
 

apps/web/lib/user/service.ts

@@ -10,21 +10,7 @@ import { TUser, TUserLocale, TUserUpdateInput, ZUserUpdateInput } from "@formbri
 import { deleteOrganization, getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
 import { deleteBrevoCustomerByEmail } from "@/modules/auth/lib/brevo";
 import { validateInputs } from "../utils/validate";
-
-const responseSelection = {
-  id: true,
-  name: true,
-  email: true,
-  emailVerified: true,
-  createdAt: true,
-  updatedAt: true,
-  twoFactorEnabled: true,
-  identityProvider: true,
-  notificationSettings: true,
-  locale: true,
-  lastLoginAt: true,
-  isActive: true,
-};
+import { publicUserSelect } from "./public-user";
 
 // function to retrive basic information about a user's user
 export const getUser = reactCache(async (id: string): Promise<TUser | null> => {
@@ -35,7 +21,7 @@ export const getUser = reactCache(async (id: string): Promise<TUser | null> => {
       where: {
         id,
       },
-      select: responseSelection,
+      select: publicUserSelect,
     });
 
     if (!user) {
@@ -59,7 +45,7 @@ export const getUserByEmail = reactCache(async (email: string): Promise<TUser |
       where: {
         email,
       },
-      select: responseSelection,
+      select: publicUserSelect,
     });
 
     return user;
@@ -82,7 +68,7 @@ export const updateUser = async (personId: string, data: TUserUpdateInput): Prom
         id: personId,
       },
       data: data,
-      select: responseSelection,
+      select: publicUserSelect,
     });
 
     return updatedUser;
@@ -105,7 +91,7 @@ const deleteUserById = async (id: string): Promise<TUser> => {
       where: {
         id,
       },
-      select: responseSelection,
+      select: publicUserSelect,
     });
     return user;
   } catch (error) {
@@ -153,7 +139,7 @@ export const getUsersWithOrganization = async (organizationId: string): Promise<
           },
         },
       },
-      select: responseSelection,
+      select: publicUserSelect,
     });
 
     return users;
@@ -174,7 +160,7 @@ export const getUserLocale = reactCache(async (id: string): Promise<TUserLocale
       where: {
         id,
       },
-      select: responseSelection,
+      select: publicUserSelect,
     });
 
     if (!user) {

apps/web/locales/de-DE.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Sende Daten an deine Notion Datenbank",
       "please_select_a_survey_error": "Bitte wähle eine Umfrage aus",
+      "reconnect_button": "Erneut verbinden",
+      "reconnect_button_description": "Deine Integrationsverbindung ist abgelaufen. Bitte verbinde dich erneut, um weiterhin Antworten zu synchronisieren. Deine bestehenden Links und Daten bleiben erhalten.",
+      "reconnect_button_tooltip": "Verbinde die Integration erneut, um deinen Zugriff zu aktualisieren. Deine bestehenden Links und Daten bleiben erhalten.",
       "select_at_least_one_question_error": "Bitte wähle mindestens eine Frage aus",
       "slack": {
         "already_connected_another_survey": "Du hast bereits eine andere Umfrage mit diesem Kanal verbunden.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Zwei-Faktor-Authentifizierung mit einem höheren Plan freischalten",
         "update_personal_info": "Persönliche Daten aktualisieren",
         "warning_cannot_delete_account": "Du bist der einzige Besitzer dieser Organisation. Bitte übertrage das Eigentum zuerst an ein anderes Mitglied.",
-        "warning_cannot_undo": "Das kann nicht rückgängig gemacht werden"
+        "warning_cannot_undo": "Das kann nicht rückgängig gemacht werden",
+        "wrong_password": "Falsches Passwort"
       },
       "teams": {
         "add_members_description": "Füge Mitglieder zum Team hinzu und bestimme ihre Rolle.",

apps/web/locales/en-US.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Send data to your Notion database",
       "please_select_a_survey_error": "Please select a survey",
+      "reconnect_button": "Reconnect",
+      "reconnect_button_description": "Your integration connection has expired. Please reconnect to continue syncing responses. Your existing links and data will be preserved.",
+      "reconnect_button_tooltip": "Reconnect the integration to refresh your access. Your existing links and data will be preserved.",
       "select_at_least_one_question_error": "Please select at least one question",
       "slack": {
         "already_connected_another_survey": "You have already connected another survey to this channel.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Unlock two-factor authentication with a higher plan",
         "update_personal_info": "Update your personal information",
         "warning_cannot_delete_account": "You are the only owner of this organization. Please transfer ownership to another member first.",
-        "warning_cannot_undo": "This cannot be undone"
+        "warning_cannot_undo": "This cannot be undone",
+        "wrong_password": "Wrong password"
       },
       "teams": {
         "add_members_description": "Add members to the team and determine their role.",

apps/web/locales/es-ES.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Envía datos a tu base de datos de Notion",
       "please_select_a_survey_error": "Por favor, selecciona una encuesta",
+      "reconnect_button": "Reconectar",
+      "reconnect_button_description": "Tu conexión de integración ha caducado. Por favor, reconecta para seguir sincronizando las respuestas. Tus enlaces y datos existentes se conservarán.",
+      "reconnect_button_tooltip": "Reconecta la integración para actualizar tu acceso. Tus enlaces y datos existentes se conservarán.",
       "select_at_least_one_question_error": "Por favor, selecciona al menos una pregunta",
       "slack": {
         "already_connected_another_survey": "Ya has conectado otra encuesta a este canal.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Desbloquea la autenticación de dos factores con un plan superior",
         "update_personal_info": "Actualiza tu información personal",
         "warning_cannot_delete_account": "Eres el único propietario de esta organización. Por favor, transfiere la propiedad a otro miembro primero.",
-        "warning_cannot_undo": "Esto no se puede deshacer"
+        "warning_cannot_undo": "Esto no se puede deshacer",
+        "wrong_password": "Contraseña incorrecta"
       },
       "teams": {
         "add_members_description": "Añade miembros al equipo y determina su rol.",

apps/web/locales/fr-FR.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Envoyez des données à votre base de données Notion.",
       "please_select_a_survey_error": "Veuillez sélectionner une enquête.",
+      "reconnect_button": "Reconnecter",
+      "reconnect_button_description": "Ta connexion à l'intégration a expiré. Reconnecte-toi pour continuer à synchroniser les réponses. Tes liens et données existants seront conservés.",
+      "reconnect_button_tooltip": "Reconnecte l'intégration pour actualiser ton accès. Tes liens et données existants seront conservés.",
       "select_at_least_one_question_error": "Veuillez sélectionner au moins une question.",
       "slack": {
         "already_connected_another_survey": "Vous avez déjà connecté une autre enquête à ce canal.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Débloquez l'authentification à deux facteurs avec une offre supérieure",
         "update_personal_info": "Mettez à jour vos informations personnelles",
         "warning_cannot_delete_account": "Tu es le seul propriétaire de cette organisation. Transfère la propriété à un autre membre d'abord.",
-        "warning_cannot_undo": "Cette opération est irréversible."
+        "warning_cannot_undo": "Cette opération est irréversible.",
+        "wrong_password": "Mot de passe incorrect"
       },
       "teams": {
         "add_members_description": "Ajoutez des membres à l'équipe et déterminez leur rôle.",

apps/web/locales/hu-HU.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Adatok küldése a Notion-adatbázisba",
       "please_select_a_survey_error": "Válasszon kérdőívet",
+      "reconnect_button": "Újracsatlakozás",
+      "reconnect_button_description": "Az integráció kapcsolata lejárt. Kérjük, csatlakozzon újra a válaszok szinkronizálásának folytatásához. A meglévő hivatkozások és adatok megmaradnak.",
+      "reconnect_button_tooltip": "Csatlakoztassa újra az integrációt a hozzáférés frissítéséhez. A meglévő hivatkozások és adatok megmaradnak.",
       "select_at_least_one_question_error": "Válasszon legalább egy kérdést",
       "slack": {
         "already_connected_another_survey": "Már hozzákapcsolt egy másik kérdőívet ehhez a csatornához.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "A kétfaktoros hitelesítés feloldása egy magasabb csomaggal",
         "update_personal_info": "Személyes információk frissítése",
         "warning_cannot_delete_account": "Ön az egyetlen tulajdonosa ennek a szervezetnek. Először adja át a tulajdonjogot egy másik tagnak.",
-        "warning_cannot_undo": "Ezt nem lehet visszavonni"
+        "warning_cannot_undo": "Ezt nem lehet visszavonni",
+        "wrong_password": "Hibás jelszó"
       },
       "teams": {
         "add_members_description": "Tagok hozzáadása a csapathoz és a szerepük meghatározása.",

apps/web/locales/ja-JP.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "回答を直接Notionに送信します",
       "please_select_a_survey_error": "フォームを選択してください",
+      "reconnect_button": "再接続",
+      "reconnect_button_description": "統合の接続が期限切れになりました。回答の同期を続けるには再接続してください。既存のリンクとデータは保持されます。",
+      "reconnect_button_tooltip": "統合を再接続してアクセスを更新します。既存のリンクとデータは保持されます。",
       "select_at_least_one_question_error": "少なくとも1つの質問を選択してください",
       "slack": {
         "already_connected_another_survey": "このチャンネルには別のフォームがすでに接続されています。",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "上位プランで二段階認証をアンロック",
         "update_personal_info": "個人情報を更新",
         "warning_cannot_delete_account": "あなたは、この組織の唯一のオーナーです。まず、別のメンバーにオーナーシップを譲渡してください。",
-        "warning_cannot_undo": "この操作は元に戻せません"
+        "warning_cannot_undo": "この操作は元に戻せません",
+        "wrong_password": "パスワードが間違っています"
       },
       "teams": {
         "add_members_description": "チームにメンバーを追加し、役割を決定します。",

apps/web/locales/nl-NL.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Verzend gegevens naar uw Notion-database",
       "please_select_a_survey_error": "Selecteer een enquête",
+      "reconnect_button": "Opnieuw verbinden",
+      "reconnect_button_description": "Je integratieverbinding is verlopen. Maak opnieuw verbinding om door te gaan met het synchroniseren van reacties. Je bestaande links en gegevens blijven behouden.",
+      "reconnect_button_tooltip": "Verbind de integratie opnieuw om je toegang te vernieuwen. Je bestaande links en gegevens blijven behouden.",
       "select_at_least_one_question_error": "Selecteer minimaal één vraag",
       "slack": {
         "already_connected_another_survey": "U heeft al een andere enquête aan dit kanaal gekoppeld.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Ontgrendel tweefactorauthenticatie met een hoger abonnement",
         "update_personal_info": "Update uw persoonlijke gegevens",
         "warning_cannot_delete_account": "U bent de enige eigenaar van deze organisatie. Draag het eigendom eerst over aan een ander lid.",
-        "warning_cannot_undo": "Dit kan niet ongedaan worden gemaakt"
+        "warning_cannot_undo": "Dit kan niet ongedaan worden gemaakt",
+        "wrong_password": "Verkeerd wachtwoord"
       },
       "teams": {
         "add_members_description": "Voeg leden toe aan het team en bepaal hun rol.",

apps/web/locales/pt-BR.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Enviar dados para seu banco de dados do Notion",
       "please_select_a_survey_error": "Por favor, escolha uma pesquisa",
+      "reconnect_button": "Reconectar",
+      "reconnect_button_description": "Sua conexão de integração expirou. Por favor, reconecte para continuar sincronizando respostas. Seus links e dados existentes serão preservados.",
+      "reconnect_button_tooltip": "Reconecte a integração para atualizar seu acesso. Seus links e dados existentes serão preservados.",
       "select_at_least_one_question_error": "Por favor, selecione pelo menos uma pergunta",
       "slack": {
         "already_connected_another_survey": "Você já conectou outra pesquisa a este canal.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Desbloqueia a autenticação de dois fatores com um plano melhor",
         "update_personal_info": "Atualize suas informações pessoais",
         "warning_cannot_delete_account": "Você é o único dono desta organização. Transfere a propriedade para outra pessoa primeiro.",
-        "warning_cannot_undo": "Isso não pode ser desfeito"
+        "warning_cannot_undo": "Isso não pode ser desfeito",
+        "wrong_password": "Senha incorreta"
       },
       "teams": {
         "add_members_description": "Adicione membros à equipe e determine sua função.",

apps/web/locales/pt-PT.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Enviar dados para a sua base de dados do Notion",
       "please_select_a_survey_error": "Por favor, selecione um inquérito",
+      "reconnect_button": "Voltar a ligar",
+      "reconnect_button_description": "A ligação da tua integração expirou. Por favor, volta a ligar para continuar a sincronizar as respostas. As tuas ligações e dados existentes serão preservados.",
+      "reconnect_button_tooltip": "Volta a ligar a integração para atualizar o teu acesso. As tuas ligações e dados existentes serão preservados.",
       "select_at_least_one_question_error": "Por favor, selecione pelo menos uma pergunta",
       "slack": {
         "already_connected_another_survey": "Já ligou outro inquérito a este canal.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Desbloqueie a autenticação de dois fatores com um plano superior",
         "update_personal_info": "Atualize as suas informações pessoais",
         "warning_cannot_delete_account": "É o único proprietário desta organização. Transfira a propriedade para outro membro primeiro.",
-        "warning_cannot_undo": "Isto não pode ser desfeito"
+        "warning_cannot_undo": "Isto não pode ser desfeito",
+        "wrong_password": "Palavra-passe incorreta"
       },
       "teams": {
         "add_members_description": "Adicionar membros à equipa e determinar o seu papel.",

apps/web/locales/ro-RO.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Trimiteți datele în baza de date Notion",
       "please_select_a_survey_error": "Vă rugăm să selectați un sondaj",
+      "reconnect_button": "Reconectează",
+      "reconnect_button_description": "Conexiunea integrării tale a expirat. Te rugăm să te reconectezi pentru a continua sincronizarea răspunsurilor. Linkurile și datele tale existente vor fi păstrate.",
+      "reconnect_button_tooltip": "Reconectează integrarea pentru a reîmprospăta accesul. Linkurile și datele tale existente vor fi păstrate.",
       "select_at_least_one_question_error": "Vă rugăm să selectați cel puțin o întrebare",
       "slack": {
         "already_connected_another_survey": "Ați conectat deja un alt chestionar la acest canal.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Deblocați autentificarea în doi pași cu un plan superior",
         "update_personal_info": "Actualizează informațiile tale personale",
         "warning_cannot_delete_account": "Ești singurul proprietar al acestei organizații. Te rugăm să transferi proprietatea către un alt membru mai întâi.",
-        "warning_cannot_undo": "Aceasta nu poate fi anulată"
+        "warning_cannot_undo": "Aceasta nu poate fi anulată",
+        "wrong_password": "Parolă greșită"
       },
       "teams": {
         "add_members_description": "Adaugă membri în echipă și stabilește rolul lor.",

apps/web/locales/ru-RU.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Отправляйте данные в вашу базу данных Notion",
       "please_select_a_survey_error": "Пожалуйста, выберите опрос",
+      "reconnect_button": "Переподключить",
+      "reconnect_button_description": "Срок действия подключения интеграции истёк. Пожалуйста, переподключитесь, чтобы продолжить синхронизацию ответов. Ваши существующие ссылки и данные будут сохранены.",
+      "reconnect_button_tooltip": "Переподключите интеграцию, чтобы обновить доступ. Ваши существующие ссылки и данные будут сохранены.",
       "select_at_least_one_question_error": "Пожалуйста, выберите хотя бы один вопрос",
       "slack": {
         "already_connected_another_survey": "Вы уже подключили другой опрос к этому каналу.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Откройте двухфакторную аутентификацию с более высоким тарифом",
         "update_personal_info": "Обновить личную информацию",
         "warning_cannot_delete_account": "Вы являетесь единственным владельцем этой организации. Пожалуйста, сначала передайте права другому участнику.",
-        "warning_cannot_undo": "Это действие необратимо"
+        "warning_cannot_undo": "Это действие необратимо",
+        "wrong_password": "Неверный пароль"
       },
       "teams": {
         "add_members_description": "Добавьте участников в команду и определите их роль.",

apps/web/locales/sv-SE.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "Skicka data till din Notion-databas",
       "please_select_a_survey_error": "Vänligen välj en enkät",
+      "reconnect_button": "Återanslut",
+      "reconnect_button_description": "Din integrationsanslutning har gått ut. Vänligen återanslut för att fortsätta synkronisera svar. Dina befintliga länkar och data kommer att bevaras.",
+      "reconnect_button_tooltip": "Återanslut integrationen för att uppdatera din åtkomst. Dina befintliga länkar och data kommer att bevaras.",
       "select_at_least_one_question_error": "Vänligen välj minst en fråga",
       "slack": {
         "already_connected_another_survey": "Du har redan anslutit en annan enkät till denna kanal.",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "Lås upp tvåfaktorsautentisering med en högre plan",
         "update_personal_info": "Uppdatera din personliga information",
         "warning_cannot_delete_account": "Du är den enda ägaren av denna organisation. Vänligen överför ägarskapet till en annan medlem först.",
-        "warning_cannot_undo": "Detta kan inte ångras"
+        "warning_cannot_undo": "Detta kan inte ångras",
+        "wrong_password": "Fel lösenord"
       },
       "teams": {
         "add_members_description": "Lägg till medlemmar i teamet och bestäm deras roll.",

apps/web/locales/zh-Hans-CN.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "将 数据 发送到 您的 Notion 数据库",
       "please_select_a_survey_error": "请选择 一个 调查",
+      "reconnect_button": "重新连接",
+      "reconnect_button_description": "你的集成连接已过期。请重新连接以继续同步响应。你现有的链接和数据将被保留。",
+      "reconnect_button_tooltip": "重新连接集成以刷新你的访问权限。你现有的链接和数据将被保留。",
       "select_at_least_one_question_error": "请选择至少 一个问题",
       "slack": {
         "already_connected_another_survey": "您 已 经 将 另 一 个 调 查 连 接 到 此 频 道 。",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "使用 更高 级 方案 解锁 双 重 因素 验证",
         "update_personal_info": "更新你的个人信息",
         "warning_cannot_delete_account": "您 是 该 组织 的 唯一 拥有者 。 请 先 将 所有权 转移 给 其他 成员 。",
-        "warning_cannot_undo": "此 无法 撤销。"
+        "warning_cannot_undo": "此 无法 撤销。",
+        "wrong_password": "密码错误"
       },
       "teams": {
         "add_members_description": "将 成员 添加到 团队 ，并 确定 他们 的 角色",

apps/web/locales/zh-Hant-TW.json

@@ -828,6 +828,9 @@
       },
       "notion_integration_description": "將資料傳送至您的 Notion 資料庫",
       "please_select_a_survey_error": "請選取問卷",
+      "reconnect_button": "重新連接",
+      "reconnect_button_description": "您的整合連線已過期。請重新連接以繼續同步回應。您現有的連結和資料將會保留。",
+      "reconnect_button_tooltip": "重新連接整合以更新您的存取權限。您現有的連結和資料將會保留。",
       "select_at_least_one_question_error": "請選取至少一個問題",
       "slack": {
         "already_connected_another_survey": "您已將另一個問卷連線到此頻道。",
@@ -1248,7 +1251,8 @@
         "unlock_two_factor_authentication": "使用更高等級的方案解鎖雙重驗證",
         "update_personal_info": "更新您的個人資訊",
         "warning_cannot_delete_account": "您是此組織的唯一擁有者。請先將所有權轉讓給其他成員。",
-        "warning_cannot_undo": "此操作無法復原"
+        "warning_cannot_undo": "此操作無法復原",
+        "wrong_password": "密碼錯誤"
       },
       "teams": {
         "add_members_description": "將成員新增至團隊並確定其角色。",

apps/web/modules/account/components/DeleteAccountModal/actions.ts

@@ -1,24 +1,89 @@
 "use server";
 
-import { OperationNotAllowedError } from "@formbricks/types/errors";
+import { z } from "zod";
+import { logger } from "@formbricks/logger";
+import { AuthorizationError, InvalidInputError, OperationNotAllowedError } from "@formbricks/types/errors";
 import { getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
+import { verifyUserPassword } from "@/lib/user/password";
 import { deleteUser, getUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
+import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { getIsMultiOrgEnabled } from "@/modules/ee/license-check/lib/utils";
+import { DELETE_ACCOUNT_WRONG_PASSWORD_ERROR } from "./constants";
 
-export const deleteUserAction = authenticatedActionClient.action(
-  withAuditLogging("deleted", "user", async ({ ctx }) => {
-    const isMultiOrgEnabled = await getIsMultiOrgEnabled();
-    const organizationsWithSingleOwner = await getOrganizationsWhereUserIsSingleOwner(ctx.user.id);
-    if (!isMultiOrgEnabled && organizationsWithSingleOwner.length > 0) {
-      throw new OperationNotAllowedError(
-        "You are the only owner of this organization. Please transfer ownership to another member first."
-      );
-    }
+const DELETE_USER_CONFIRMATION_REQUIRED_ERROR =
+  "Password and email confirmation are required to delete your account.";
+
+const ZDeleteUserConfirmation = z
+  .object({
+    confirmationEmail: z.string().trim().min(1).max(255),
+    password: z.string().max(128).optional(),
+  })
+  .strict();
+
+const parseDeleteUserConfirmation = (input: unknown) => {
+  const parsedInput = ZDeleteUserConfirmation.safeParse(input);
+
+  if (!parsedInput.success) {
+    throw new InvalidInputError(DELETE_USER_CONFIRMATION_REQUIRED_ERROR);
+  }
+
+  return parsedInput.data;
+};
+
+const getPasswordOrThrow = (password?: string) => {
+  if (!password) {
+    throw new InvalidInputError(DELETE_USER_CONFIRMATION_REQUIRED_ERROR);
+  }
+
+  return password;
+};
+
+const logAccountDeletionError = (userId: string, error: unknown) => {
+  logger.error({ error, userId }, "Account deletion failed");
+};
+
+export const deleteUserAction = authenticatedActionClient.inputSchema(z.unknown()).action(
+  withAuditLogging("deleted", "user", async ({ ctx, parsedInput }) => {
     ctx.auditLoggingCtx.userId = ctx.user.id;
-    ctx.auditLoggingCtx.oldObject = await getUser(ctx.user.id);
-    const result = await deleteUser(ctx.user.id);
-    return result;
+
+    try {
+      await applyRateLimit(rateLimitConfigs.actions.accountDeletion, ctx.user.id);
+
+      const isPasswordBackedAccount = ctx.user.identityProvider === "email";
+      const { confirmationEmail, password } = parseDeleteUserConfirmation(parsedInput);
+
+      if (confirmationEmail.toLowerCase() !== ctx.user.email.toLowerCase()) {
+        throw new AuthorizationError("Email confirmation does not match");
+      }
+
+      if (isPasswordBackedAccount) {
+        const isCorrectPassword = await verifyUserPassword(ctx.user.id, getPasswordOrThrow(password));
+        if (!isCorrectPassword) {
+          throw new AuthorizationError(DELETE_ACCOUNT_WRONG_PASSWORD_ERROR);
+        }
+      }
+
+      const isMultiOrgEnabled = await getIsMultiOrgEnabled();
+      if (!isMultiOrgEnabled) {
+        const organizationsWithSingleOwner = await getOrganizationsWhereUserIsSingleOwner(ctx.user.id);
+        if (organizationsWithSingleOwner.length > 0) {
+          throw new OperationNotAllowedError(
+            "You are the only owner of this organization. Please transfer ownership to another member first."
+          );
+        }
+      }
+
+      ctx.auditLoggingCtx.oldObject = await getUser(ctx.user.id);
+
+      await deleteUser(ctx.user.id);
+
+      return { success: true };
+    } catch (error) {
+      logAccountDeletionError(ctx.user.id, error);
+      throw error;
+    }
   })
 );

apps/web/modules/account/components/DeleteAccountModal/constants.ts

@@ -0,0 +1 @@
+export const DELETE_ACCOUNT_WRONG_PASSWORD_ERROR = "Wrong password";

apps/web/modules/account/components/DeleteAccountModal/index.tsx

@@ -3,12 +3,16 @@
 import { Dispatch, SetStateAction, useState } from "react";
 import toast from "react-hot-toast";
 import { Trans, useTranslation } from "react-i18next";
+import { logger } from "@formbricks/logger";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import { Input } from "@/modules/ui/components/input";
+import { PasswordInput } from "@/modules/ui/components/password-input";
 import { deleteUserAction } from "./actions";
+import { DELETE_ACCOUNT_WRONG_PASSWORD_ERROR } from "./constants";
 
 interface DeleteAccountModalProps {
   open: boolean;
@@ -28,15 +32,57 @@ export const DeleteAccountModal = ({
   const { t } = useTranslation();
   const [deleting, setDeleting] = useState(false);
   const [inputValue, setInputValue] = useState("");
+  const [password, setPassword] = useState("");
   const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
+  const isPasswordBackedAccount = user.identityProvider === "email";
   const handleInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
     setInputValue(e.target.value);
   };
 
+  const handleOpenChange = (nextOpen: boolean) => {
+    if (!nextOpen) {
+      setInputValue("");
+      setPassword("");
+    }
+    setOpen(nextOpen);
+  };
+
+  const hasValidEmailConfirmation = inputValue.trim().toLowerCase() === user.email.toLowerCase();
+  const hasValidConfirmation = hasValidEmailConfirmation && (!isPasswordBackedAccount || password.length > 0);
+  const isDeleteDisabled = !hasValidConfirmation;
+
   const deleteAccount = async () => {
     try {
+      if (!hasValidConfirmation) {
+        return;
+      }
+
       setDeleting(true);
-      await deleteUserAction();
+      const result = await deleteUserAction(
+        isPasswordBackedAccount
+          ? {
+              confirmationEmail: inputValue,
+              password,
+            }
+          : {
+              confirmationEmail: inputValue,
+            }
+      );
+
+      if (!result?.data?.success) {
+        const fallbackErrorMessage = t("common.something_went_wrong_please_try_again");
+        let errorMessage = fallbackErrorMessage;
+
+        if (result?.serverError === DELETE_ACCOUNT_WRONG_PASSWORD_ERROR) {
+          errorMessage = t("environments.settings.profile.wrong_password");
+        } else if (result) {
+          errorMessage = getFormattedErrorMessage(result);
+        }
+
+        logger.error({ errorMessage }, "Account deletion action failed");
+        toast.error(errorMessage || fallbackErrorMessage);
+        return;
+      }
 
       // Sign out with account deletion reason (no automatic redirect)
       await signOutWithAudit({
@@ -52,22 +98,22 @@ export const DeleteAccountModal = ({
         window.location.replace("/auth/login");
       }
     } catch (error) {
-      toast.error("Something went wrong");
+      logger.error({ error }, "Account deletion failed");
+      toast.error(t("common.something_went_wrong_please_try_again"));
     } finally {
       setDeleting(false);
-      setOpen(false);
     }
   };
 
   return (
     <DeleteDialog
       open={open}
-      setOpen={setOpen}
+      setOpen={handleOpenChange}
       deleteWhat={t("common.account")}
       onDelete={() => deleteAccount()}
       text={t("environments.settings.profile.account_deletion_consequences_warning")}
       isDeleting={deleting}
-      disabled={inputValue !== user.email}>
+      disabled={isDeleteDisabled}>
       <div className="py-5">
         <ul className="list-disc pb-6 pl-6">
           <li>
@@ -110,11 +156,29 @@ export const DeleteAccountModal = ({
             value={inputValue}
             onChange={handleInputChange}
             placeholder={user.email}
-            className="mt-5"
+            className="mt-2"
             type="text"
             id="deleteAccountConfirmation"
             name="deleteAccountConfirmation"
           />
+          {isPasswordBackedAccount && (
+            <>
+              <label htmlFor="deleteAccountPassword" className="mt-4 block">
+                {t("common.password")}
+              </label>
+              <PasswordInput
+                data-testid="deleteAccountPassword"
+                value={password}
+                onChange={(e) => setPassword(e.target.value)}
+                autoComplete="current-password"
+                className="pr-10"
+                containerClassName="mt-2"
+                id="deleteAccountPassword"
+                name="deleteAccountPassword"
+                required
+              />
+            </>
+          )}
         </form>
       </div>
     </DeleteDialog>

apps/web/modules/api/v2/organizations/[organizationId]/users/lib/tests/users.test.ts

@@ -13,6 +13,10 @@ const mockUser = {
   createdAt: new Date(),
   updatedAt: new Date(),
   isActive: true,
+  password: "$2b$12$hashedPassword",
+  twoFactorSecret: "encrypted-2fa-secret",
+  backupCodes: "encrypted-backup-codes",
+  identityProviderAccountId: "provider-account-id",
   role: "admin",
   memberships: [{ organizationId: "org456", role: "admin" }],
   teamUsers: [{ team: { name: "Test Team", id: "team123", projectTeams: [{ projectId: "proj789" }] } }],
@@ -60,6 +64,10 @@ describe("Users Lib", () => {
             updatedAt: expect.any(Date),
           },
         ]);
+        expect(result.data.data[0]).not.toHaveProperty("password");
+        expect(result.data.data[0]).not.toHaveProperty("twoFactorSecret");
+        expect(result.data.data[0]).not.toHaveProperty("backupCodes");
+        expect(result.data.data[0]).not.toHaveProperty("identityProviderAccountId");
       }
     });
 
@@ -84,6 +92,10 @@ describe("Users Lib", () => {
       expect(result.ok).toBe(true);
       if (result.ok) {
         expect(result.data.id).toBe(mockUser.id);
+        expect(result.data).not.toHaveProperty("password");
+        expect(result.data).not.toHaveProperty("twoFactorSecret");
+        expect(result.data).not.toHaveProperty("backupCodes");
+        expect(result.data).not.toHaveProperty("identityProviderAccountId");
       }
     });
 
@@ -151,6 +163,10 @@ describe("Users Lib", () => {
       expect(result.ok).toBe(true);
       if (result.ok) {
         expect(result.data.name).toBe("Updated User");
+        expect(result.data).not.toHaveProperty("password");
+        expect(result.data).not.toHaveProperty("twoFactorSecret");
+        expect(result.data).not.toHaveProperty("backupCodes");
+        expect(result.data).not.toHaveProperty("identityProviderAccountId");
       }
     });
 

apps/web/modules/core/rate-limit/rate-limit-configs.test.ts

@@ -75,6 +75,7 @@ describe("rateLimitConfigs", () => {
       const actionConfigs = Object.keys(rateLimitConfigs.actions);
       expect(actionConfigs).toEqual([
         "emailUpdate",
+        "accountDeletion",
         "surveyFollowUp",
         "sendLinkSurveyEmail",
         "licenseRecheck",
@@ -139,6 +140,7 @@ describe("rateLimitConfigs", () => {
         { config: rateLimitConfigs.api.v3, identifier: "api-v3-key" },
         { config: rateLimitConfigs.api.client, identifier: "client-api-key" },
         { config: rateLimitConfigs.actions.emailUpdate, identifier: "user-profile" },
+        { config: rateLimitConfigs.actions.accountDeletion, identifier: "user-account-delete" },
         { config: rateLimitConfigs.storage.upload, identifier: "storage-upload" },
         { config: rateLimitConfigs.storage.delete, identifier: "storage-delete" },
       ];

apps/web/modules/core/rate-limit/rate-limit-configs.ts

@@ -18,6 +18,7 @@ export const rateLimitConfigs = {
   // Server actions - varies by action type
   actions: {
     emailUpdate: { interval: 3600, allowedPerInterval: 3, namespace: "action:email" }, // 3 per hour
+    accountDeletion: { interval: 3600, allowedPerInterval: 5, namespace: "action:account-delete" }, // 5 per hour
     surveyFollowUp: { interval: 3600, allowedPerInterval: 50, namespace: "action:followup" }, // 50 per hour
     sendLinkSurveyEmail: {
       interval: 3600,

apps/web/modules/integrations/webhooks/components/add-webhook-modal.tsx

@@ -76,6 +76,7 @@ export const AddWebhookModal = ({
         url: testEndpointInput,
         secret: webhookSecret,
       });
+
       if (!testEndpointActionResult?.data) {
         const errorMessage = getFormattedErrorMessage(testEndpointActionResult);
         throw new Error(errorMessage);

apps/web/modules/integrations/webhooks/lib/webhook.test.ts

@@ -17,6 +17,14 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
+const constantsMock = vi.hoisted(() => ({ dangerouslyAllow: false }));
+
+vi.mock("@/lib/constants", () => ({
+  get DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS() {
+    return constantsMock.dangerouslyAllow;
+  },
+}));
+
 vi.mock("@/lib/crypto", () => ({
   generateStandardWebhookSignature: vi.fn(() => "signed-payload"),
   generateWebhookSecret: vi.fn(() => "generated-secret"),
@@ -41,6 +49,7 @@ vi.mock("uuid", () => ({
 describe("testEndpoint", () => {
   beforeEach(() => {
     vi.resetAllMocks();
+    constantsMock.dangerouslyAllow = false;
     vi.mocked(generateStandardWebhookSignature).mockReturnValue("signed-payload");
     vi.mocked(validateWebhookUrl).mockResolvedValue(undefined);
     vi.mocked(getTranslate).mockResolvedValue((key: string) => key);
@@ -76,6 +85,36 @@ describe("testEndpoint", () => {
     expect(getTranslate).toHaveBeenCalled();
   });
 
+  test.each([301, 302, 303, 307, 308])(
+    "rejects %s redirects to prevent SSRF via redirect",
+    async (statusCode) => {
+      const fetchMock = vi.fn(async () => ({ status: statusCode }));
+      vi.stubGlobal("fetch", fetchMock);
+
+      await expect(testEndpoint("https://example.com/webhook")).rejects.toThrow(
+        "Webhook endpoint returned a redirect, which is not allowed"
+      );
+
+      expect(fetchMock).toHaveBeenCalledWith(
+        "https://example.com/webhook",
+        expect.objectContaining({ redirect: "manual" })
+      );
+    }
+  );
+
+  test("follows redirects when DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS is enabled", async () => {
+    constantsMock.dangerouslyAllow = true;
+    const fetchMock = vi.fn(async () => ({ status: 200 }));
+    vi.stubGlobal("fetch", fetchMock);
+
+    await expect(testEndpoint("https://example.com/webhook")).resolves.toBe(true);
+
+    expect(fetchMock).toHaveBeenCalledWith(
+      "https://example.com/webhook",
+      expect.objectContaining({ redirect: "follow" })
+    );
+  });
+
   test("allows non-blocked non-2xx statuses", async () => {
     vi.stubGlobal(
       "fetch",

apps/web/modules/integrations/webhooks/lib/webhook.ts

@@ -9,6 +9,7 @@ import {
   ResourceNotFoundError,
   UnknownError,
 } from "@formbricks/types/errors";
+import { DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS } from "@/lib/constants";
 import { generateStandardWebhookSignature, generateWebhookSecret } from "@/lib/crypto";
 import { validateInputs } from "@/lib/utils/validate";
 import { validateWebhookUrl } from "@/lib/utils/validate-webhook-url";
@@ -191,13 +192,29 @@ export const testEndpoint = async (url: string, secret?: string): Promise<boolea
       );
     }
 
+    // `redirect: "manual"` prevents SSRF via redirect — validateWebhookUrl only checks the
+    // initial URL, so following 30x to a private/internal host (e.g. cloud metadata) would bypass it.
+    // Gated on the same env var as validateWebhookUrl: self-hosters who opted into trusting internal
+    // URLs also get the pre-patch redirect-follow behavior for consistency.
+    const redirectMode: RequestRedirect = DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS ? "follow" : "manual";
     const response = await fetch(url, {
       method: "POST",
       body,
       headers: requestHeaders,
       signal: controller.signal,
+      redirect: redirectMode,
     });
+
     const statusCode = response.status;
+
+    // With `redirect: "manual"`, Node's undici returns the actual 30x response (not the spec's
+    // opaqueredirect filter). Treat any 30x as a redirect rejection so users get a clear error
+    // instead of a misleading success. With `redirect: "follow"`, fetch returns the final 2xx/4xx/5xx
+    // and this branch is unreachable.
+    if (statusCode >= 300 && statusCode < 400) {
+      throw new InvalidInputError("Webhook endpoint returned a redirect, which is not allowed");
+    }
+
     const errorMessage = await getWebhookTestErrorMessage(statusCode);
 
     if (errorMessage) {

apps/web/package.json

@@ -44,14 +44,14 @@
     "@lexical/rich-text": "0.41.0",
     "@lexical/table": "0.41.0",
     "@next-auth/prisma-adapter": "1.0.7",
-    "@opentelemetry/auto-instrumentations-node": "0.71.0",
-    "@opentelemetry/exporter-metrics-otlp-http": "0.213.0",
-    "@opentelemetry/exporter-prometheus": "0.213.0",
-    "@opentelemetry/exporter-trace-otlp-http": "0.213.0",
-    "@opentelemetry/resources": "2.6.0",
-    "@opentelemetry/sdk-metrics": "2.6.0",
-    "@opentelemetry/sdk-node": "0.213.0",
-    "@opentelemetry/sdk-trace-base": "2.6.0",
+    "@opentelemetry/auto-instrumentations-node": "0.75.0",
+    "@opentelemetry/exporter-metrics-otlp-http": "0.217.0",
+    "@opentelemetry/exporter-prometheus": "0.217.0",
+    "@opentelemetry/exporter-trace-otlp-http": "0.217.0",
+    "@opentelemetry/resources": "2.7.1",
+    "@opentelemetry/sdk-metrics": "2.7.1",
+    "@opentelemetry/sdk-node": "0.217.0",
+    "@opentelemetry/sdk-trace-base": "2.7.1",
     "@opentelemetry/semantic-conventions": "1.40.0",
     "@paralleldrive/cuid2": "2.3.1",
     "@prisma/client": "6.19.2",
@@ -94,14 +94,14 @@
     "jiti": "2.6.1",
     "jsonwebtoken": "9.0.3",
     "lexical": "0.41.0",
-    "lodash": "4.17.23",
+    "lodash": "4.18.1",
     "lucide-react": "0.577.0",
     "markdown-it": "14.1.1",
-    "next": "16.1.7",
+    "next": "16.2.6",
     "next-auth": "4.24.13",
     "next-safe-action": "8.1.8",
     "node-fetch": "3.3.2",
-    "nodemailer": "8.0.2",
+    "nodemailer": "8.0.7",
     "otplib": "12.0.1",
     "papaparse": "5.5.3",
     "posthog-js": "1.360.0",
@@ -127,7 +127,7 @@
     "tailwind-merge": "3.5.0",
     "tailwindcss": "3.4.19",
     "ua-parser-js": "2.0.9",
-    "uuid": "13.0.0",
+    "uuid": "13.0.2",
     "webpack": "5.105.4",
     "xlsx": "file:vendor/xlsx-0.20.3.tgz",
     "zod": "4.3.6",
@@ -151,7 +151,7 @@
     "autoprefixer": "10.4.27",
     "cross-env": "10.1.0",
     "dotenv": "17.3.1",
-    "postcss": "8.5.8",
+    "postcss": "8.5.14",
     "resize-observer-polyfill": "1.5.1",
     "vite": "7.3.1",
     "vite-tsconfig-paths": "6.1.1",

apps/web/playwright/api/management/me.spec.ts

@@ -0,0 +1,38 @@
+import { expect } from "@playwright/test";
+import { logger } from "@formbricks/logger";
+import { test } from "../../lib/fixtures";
+
+test.describe("API Tests for Management Me", () => {
+  test("Authenticated v1 me endpoint never exposes secret auth fields", async ({ page, users }) => {
+    const name = `Security Me User ${Date.now()}`;
+    const email = `security-me-${Date.now()}@example.com`;
+
+    try {
+      const user = await users.create({ name, email });
+      await user.login();
+
+      const response = await page.context().request.get("/api/v1/management/me");
+      expect(response.ok()).toBe(true);
+
+      const responseBody = await response.json();
+
+      expect(responseBody).toMatchObject({
+        id: expect.any(String),
+        name,
+        email,
+        twoFactorEnabled: expect.any(Boolean),
+        identityProvider: expect.any(String),
+        notificationSettings: expect.any(Object),
+        locale: expect.any(String),
+        isActive: expect.any(Boolean),
+      });
+      expect(responseBody).not.toHaveProperty("password");
+      expect(responseBody).not.toHaveProperty("twoFactorSecret");
+      expect(responseBody).not.toHaveProperty("backupCodes");
+      expect(responseBody).not.toHaveProperty("identityProviderAccountId");
+    } catch (error) {
+      logger.error(error, "Error during management me API security test");
+      throw error;
+    }
+  });
+});

package.json

@@ -83,26 +83,47 @@
   },
   "pnpm": {
     "overrides": {
-      "@hono/node-server": "1.19.10",
-      "@tootallnate/once": "3.0.1",
-      "schema-utils@3.3.0>ajv": "6.14.0",
-      "axios": "1.13.5",
-      "effect": "3.20.0",
-      "flatted": "3.4.2",
-      "hono": "4.12.7",
+      "@hono/node-server": "1.19.13",
       "@microsoft/api-extractor>minimatch": "10.2.4",
-      "node-forge": ">=1.3.2",
+      "@protobufjs/utf8": "1.1.1",
+      "@react-email/preview-server>next": "16.2.6",
+      "@tootallnate/once": "3.0.1",
+      "@xmldom/xmldom": "0.9.10",
+      "ajv@6": "6.14.0",
+      "axios": "1.16.0",
+      "brace-expansion@1": "1.1.14",
+      "brace-expansion@2": "2.0.3",
+      "brace-expansion@5": "5.0.6",
+      "defu": "6.1.7",
+      "dompurify": "3.4.2",
+      "effect": "3.20.0",
+      "fast-uri": "3.1.2",
+      "fast-xml-parser": "5.7.0",
+      "flatted": "3.4.2",
+      "hono": "4.12.18",
+      "ip-address": "10.1.1",
+      "lodash": "4.18.1",
+      "lodash-es": "4.18.1",
+      "node-forge": "1.4.0",
+      "picomatch@2": "2.3.2",
+      "picomatch@4": "4.0.4",
+      "postcss": "8.5.14",
+      "protobufjs@7": "7.5.8",
+      "protobufjs@8": "8.2.0",
       "qs": "6.14.2",
       "rollup": "4.59.0",
       "socket.io-parser": "4.2.6",
       "tar": ">=7.5.11",
       "typeorm": ">=0.3.26",
       "undici": "7.24.0",
-      "fast-xml-parser": "5.5.7",
+      "uuid@11": "11.1.1",
+      "vite@7": "7.3.3",
+      "vite@8": "8.0.12",
+      "yaml": "2.8.3",
       "diff": ">=8.0.3"
     },
     "comments": {
-      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: @hono/node-server/hono (Dependabot #313/#316/#317) - awaiting Prisma update | @tootallnate/once (Dependabot #305) - awaiting sqlite3/node-gyp chain update | schema-utils@3>ajv (Dependabot #287) - awaiting eslint/file-loader schema-utils update | axios (CVE-2025-58754, CVE-2026-25639) - awaiting @boxyhq/saml-jackson update | effect (Dependabot #339) - awaiting Prisma update | flatted (Dependabot #324/#338) - awaiting eslint/flat-cache update | minimatch (Dependabot #288/#294/#297) - awaiting react-email/glob update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | qs (Dependabot #277) - awaiting googleapis/googleapis-common update | rollup (Dependabot #291) - awaiting Vite patch adoption | socket.io-parser (Dependabot #334) - awaiting react-email/socket.io update | tar (CVE-2026-23745/23950/24842/26960) - awaiting @boxyhq/saml-jackson/sqlite3 dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | undici (Dependabot #319/#322/#323) - awaiting jsdom/vitest/isomorphic-dompurify updates | fast-xml-parser (CVE-2026-25896/26278/33036/33349) - awaiting exact upstream pin updates | diff (Dependabot #269) - awaiting upstream patch range adoption"
+      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: @hono/node-server/hono - awaiting Prisma update | @microsoft/api-extractor>minimatch - awaiting api-extractor update | @protobufjs/utf8 (CVE overlong UTF-8) - awaiting @opentelemetry/otlp-transformer update | @react-email/preview-server>next - awaiting react-email update | @tootallnate/once - awaiting sqlite3/node-gyp chain update | @xmldom/xmldom (CVE-2025-63067/63068) - awaiting @boxyhq/saml20 update | ajv@6 - awaiting @microsoft/tsdoc-config/eslint update | axios (CVE-2025-58754 et al.) - awaiting @boxyhq/saml-jackson update | brace-expansion@1/2/5 (CVE-2025-67313) - awaiting eslint/typeorm/typescript-eslint update | defu (CVE-2025-62629) - awaiting @prisma/config update | dompurify (CVE-2025-26791 et al.) - awaiting posthog-js/isomorphic-dompurify update | effect - awaiting Prisma update | fast-uri (CVE-2025-48944/48945) - awaiting ajv/schema-utils update | fast-xml-parser (CVE-2026-25896 et al.) - awaiting azure/core-xml update | flatted - awaiting eslint/flat-cache update | ip-address (CVE-2025-62629) - awaiting mongodb/socks update | lodash/lodash-es (CVE-2025-62616) - awaiting @boxyhq/saml-jackson/@trivago/prettier-plugin update | node-forge - awaiting @boxyhq/saml-jackson update | picomatch@2/4 (CVE-2025-60538/63394) - awaiting lint-staged/storybook update | postcss (CVE-2025-62695) - awaiting next.js to unpin postcss | protobufjs@7/8 (GHSA-xq3m-2v4x-88gg et al.) - awaiting @grpc/proto-loader/otlp-transformer update | qs - awaiting googleapis/googleapis-common update | rollup - awaiting Vite patch adoption | socket.io-parser - awaiting react-email/socket.io update | tar - awaiting @boxyhq/saml-jackson/sqlite3 updates | typeorm - awaiting @boxyhq/saml-jackson update | undici - awaiting jsdom/vitest/isomorphic-dompurify updates | uuid@11 (CVE-2025-61475) - awaiting typeorm update | vite@7/8 (GHSA-v2wj-q39q-566r/p9ff-h696-f583) - awaiting workspace packages to update vite dependency | yaml (CVE-2025-63675) - awaiting lint-staged update | diff - awaiting upstream patch range adoption"
     },
     "patchedDependencies": {
       "next-auth@4.24.13": "patches/next-auth@4.24.13.patch"

packages/database/package.json

@@ -51,7 +51,7 @@
     "@paralleldrive/cuid2": "2.3.1",
     "@prisma/client": "6.19.2",
     "bcryptjs": "3.0.3",
-    "uuid": "13.0.0",
+    "uuid": "13.0.2",
     "zod": "4.3.6",
     "zod-openapi": "5.4.6"
   },

packages/survey-ui/src/components/general/dropdown-menu.tsx

@@ -20,12 +20,14 @@ function DropdownMenuTrigger({ ...props }: React.ComponentProps<typeof DropdownM
 function DropdownMenuContent({
   className,
   sideOffset = 4,
+  ref,
   ...props
 }: Readonly<React.ComponentProps<typeof DropdownMenuPrimitive.Content>>) {
   return (
     <DropdownMenuPrimitive.Portal>
       <div id="fbjs">
         <DropdownMenuPrimitive.Content
+          ref={ref}
           data-slot="dropdown-menu-content"
           sideOffset={sideOffset}
           className={cn(

packages/survey-ui/src/components/general/dropdown-search.tsx

@@ -58,7 +58,9 @@ export function useDropdownSearch<T extends { id: string; label: string }>({
 
   const focusSearchAndLockSide = (): void => {
     searchInputRef.current?.focus();
-    const side = contentRef.current?.dataset.side;
+    const dataset = contentRef.current?.dataset;
+    if (!dataset) return;
+    const side = dataset.side;
     if (side === "top" || side === "bottom") setLockedSide(side);
   };
 

packages/types/integration/index.ts

@@ -1,8 +1,12 @@
 import { z } from "zod";
-import { ZIntegrationAirtableConfig, ZIntegrationAirtableInput } from "./airtable";
-import { ZIntegrationGoogleSheetsConfig, ZIntegrationGoogleSheetsInput } from "./google-sheet";
-import { ZIntegrationNotionConfig, ZIntegrationNotionInput } from "./notion";
-import { ZIntegrationSlackConfig, ZIntegrationSlackInput } from "./slack";
+import { type TIntegrationAirtable, ZIntegrationAirtableConfig, ZIntegrationAirtableInput } from "./airtable";
+import {
+  type TIntegrationGoogleSheets,
+  ZIntegrationGoogleSheetsConfig,
+  ZIntegrationGoogleSheetsInput,
+} from "./google-sheet";
+import { type TIntegrationNotion, ZIntegrationNotionConfig, ZIntegrationNotionInput } from "./notion";
+import { type TIntegrationSlack, ZIntegrationSlackConfig, ZIntegrationSlackInput } from "./slack";
 
 export const ZIntegrationType = z.enum(["googleSheets", "n8n", "airtable", "notion", "slack"]);
 export type TIntegrationType = z.infer<typeof ZIntegrationType>;
@@ -28,6 +32,16 @@ export const ZIntegration = ZIntegrationBase.extend({
 
 export type TIntegration = z.infer<typeof ZIntegration>;
 
+export type TIntegrationByType<T extends TIntegrationType> = T extends "airtable"
+  ? TIntegrationAirtable
+  : T extends "googleSheets"
+    ? TIntegrationGoogleSheets
+    : T extends "notion"
+      ? TIntegrationNotion
+      : T extends "slack"
+        ? TIntegrationSlack
+        : TIntegration;
+
 export const ZIntegrationBaseSurveyData = z.object({
   createdAt: z.date(),
   elementIds: z.array(z.string()),