Apply non-major audit updates and harden path handling for Semgrep.

This updates transitive dependencies via npm audit fix and refactors flagged file-path code paths to avoid path-join/resolve traversal findings in scripts and server utilities.

Made-with: Cursor

server/api/cms/save-csv.post.js

@@ -93,14 +93,13 @@ export default defineEventHandler(async (event) => {
     }
 
     // Ziel: internes Datenverzeichnis unter `server/data/public-data` (persistente, interne Quelle)
-    const internalPaths = [
-      // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
-      // filename is allowlisted via allowedFiles above.
-      path.join(cwd, 'server/data/public-data', filename),
-      // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
-      // filename is allowlisted via allowedFiles above.
-      path.join(cwd, '../server/data/public-data', filename)
-    ]
+    const dataTargetsByFile = {
+      'vereinsmeisterschaften.csv': [`${cwd}/server/data/public-data/vereinsmeisterschaften.csv`, `${cwd}/../server/data/public-data/vereinsmeisterschaften.csv`],
+      'mannschaften.csv': [`${cwd}/server/data/public-data/mannschaften.csv`, `${cwd}/../server/data/public-data/mannschaften.csv`],
+      'termine.csv': [`${cwd}/server/data/public-data/termine.csv`, `${cwd}/../server/data/public-data/termine.csv`],
+      'spielplan.csv': [`${cwd}/server/data/public-data/spielplan.csv`, `${cwd}/../server/data/public-data/spielplan.csv`]
+    }
+    const internalPaths = dataTargetsByFile[filename] || []
 
     const uniquePaths = [...new Set([...internalPaths])]
     const writeResults = []