chore: update all dependencies to latest (Jun 4, 2026), pin Node 24.16.0

.github/workflows/ci-cd.yml

@@ -29,7 +29,7 @@ jobs:
 
     services:
       postgres:
-        image: postgres:17-alpine
+        image: postgres:18-alpine
         env:
           POSTGRES_USER: test
           POSTGRES_PASSWORD: test
@@ -54,12 +54,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.4'
+          php-version: '8.5'
           extensions: pdo, pdo_pgsql, redis, gd, zip, intl, mbstring, bcmath
           coverage: xdebug
 
@@ -68,7 +68,7 @@ jobs:
         run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache Composer dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -102,7 +102,7 @@ jobs:
           REDIS_PORT: 6379
 
       - name: Upload coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v6
         with:
           file: backend/coverage.xml
           flags: backend
@@ -127,12 +127,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '24'
+          node-version: '24.16.0'
           cache: 'npm'
           cache-dependency-path: signaling/package-lock.json
 
@@ -151,7 +151,7 @@ jobs:
           REDIS_URL: redis://localhost:6379
 
       - name: Upload coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v6
         with:
           file: signaling/coverage/lcov.info
           flags: signaling
@@ -175,12 +175,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '24'
+          node-version: '24.16.0'
           cache: 'npm'
           cache-dependency-path: sfu/package-lock.json
 
@@ -212,12 +212,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '24'
+          node-version: '24.16.0'
           cache: 'npm'
           cache-dependency-path: frontend/package-lock.json
 
@@ -248,7 +248,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Rust stable
         uses: dtolnay/rust-toolchain@stable
@@ -281,12 +281,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '24'
+          node-version: '24.16.0'
           cache: 'npm'
           cache-dependency-path: recorder/package-lock.json
 
@@ -327,21 +327,21 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ matrix.service }}
           tags: |
@@ -350,7 +350,7 @@ jobs:
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v7
         with:
           context: ${{ matrix.context }}
           file: ${{ matrix.dockerfile }}
@@ -371,10 +371,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.36.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -383,7 +383,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload Trivy scan results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
@@ -402,10 +402,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup SSH
-        uses: webfactory/ssh-agent@v0.8.0
+        uses: webfactory/ssh-agent@v0.10.0
         with:
           ssh-private-key: ${{ secrets.STAGING_SSH_KEY }}
 
@@ -438,10 +438,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup SSH
-        uses: webfactory/ssh-agent@v0.8.0
+        uses: webfactory/ssh-agent@v0.10.0
         with:
           ssh-private-key: ${{ secrets.PRODUCTION_SSH_KEY }}
 
@@ -476,8 +476,10 @@ jobs:
 
       - name: Notify on success
         if: success()
-        uses: slackapi/slack-github-action@v1.24.0
+        uses: slackapi/slack-github-action@v3.0.3
         with:
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
           payload: |
             {
               "text": "Production deployment successful for Trading Room SaaS",
@@ -491,5 +493,3 @@ jobs:
                 }
               ]
             }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.mcp.json

@@ -0,0 +1,12 @@
+{
+  "mcpServers": {
+    "svelte": {
+      "command": "npx",
+      "args": ["-y", "@sveltejs/mcp"]
+    },
+    "rust": {
+      "command": "rust-mcp-server",
+      "args": ["--log-level", "warn"]
+    }
+  }
+}

DEPLOYMENT_GUIDE.md

@@ -96,7 +96,7 @@
 2. **Create Project**:
    - Project name: `trading-room-production`
    - Region: Choose closest to your users (e.g., `aws-us-east-1`)
-   - Postgres version: `16` (latest stable)
+   - Postgres version: `18` (latest stable)
    - Click "Create project"
    - **Instant provisioning** - no waiting!
 
@@ -342,7 +342,7 @@
    Servers → Add Server
    ```
    - Location: Choose closest to users (e.g., Ashburn, USA)
-   - Image: `Ubuntu 22.04`
+   - Image: `Ubuntu 24.04 LTS`
    - Type: `CPX41` (8 vCPU, 16GB RAM) - $34/month
    - Volume: None
    - Network: Default
@@ -357,7 +357,7 @@
    Servers → Add Server
    ```
    - Location: Same as SFU
-   - Image: `Ubuntu 22.04`
+   - Image: `Ubuntu 24.04 LTS`
    - Type: `CX22` (2 vCPU, 4GB RAM) - $6/month
    - SSH Key: ✓ Select your key
    - Name: `trading-room-app-1`
@@ -1605,7 +1605,7 @@ After deployment, verify:
 | **SFU Server** | 4 vCPU, 8GB RAM, 80GB SSD |
 | **App Server** | 2 vCPU, 4GB RAM, 40GB SSD |
 | **Bandwidth** | 1 Gbps shared |
-| **OS** | Ubuntu 22.04 LTS |
+| **OS** | Ubuntu 24.04 LTS |
 
 ### Recommended (Production)
 
@@ -1614,7 +1614,7 @@ After deployment, verify:
 | **SFU Server** | 8 vCPU, 16GB RAM, 160GB SSD |
 | **App Server** | 2 vCPU, 4GB RAM, 80GB SSD |
 | **Bandwidth** | 1 Gbps dedicated |
-| **OS** | Ubuntu 22.04 LTS |
+| **OS** | Ubuntu 24.04 LTS |
 | **Load Balancer** | Optional for scaling |
 
 ---