Merge branch 'main' of github.com:anurag2787/Nest into fix/responsive-chapter-page

Author: anurag2787

.github/workflows/run-ci-cd.yaml

@@ -208,7 +208,7 @@ jobs:
           exit $EXIT_CODE
 
       - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2
         with:
           fail_ci_if_error: false
           files: backend/coverage.xml
@@ -257,7 +257,7 @@ jobs:
           exit $EXIT_CODE
 
       - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2
         with:
           fail_ci_if_error: false
           files: frontend/coverage/lcov.info
@@ -534,7 +534,7 @@ jobs:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/nest-staging-terraform
 
       - name: Login to Amazon ECR
-        uses: aws-actions/amazon-ecr-login@261fc3d4806db1fa66a15cc11113c456db8870a7
+        uses: aws-actions/amazon-ecr-login@183a1442edf41672e66566b7fc560e297a290896
 
       - name: Build backend image
         uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294

.pre-commit-config.yaml

@@ -55,7 +55,7 @@ repos:
           - --args=--config=__GIT_WORKING_DIR__/infrastructure/.tflint.hcl
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.7
+    rev: v0.15.8
     hooks:
       - id: ruff-check
         args:

MENTORS.md

@@ -64,9 +64,9 @@ Keshav is a Senior Security Engineer at LinkedIn who works at the intersection o
 
 AI/ML enthusiast | GSoC'25 contributor at PSF
 
-[GitHub](https://github.com/kritibirda) • [LinkedIn](https://www.linkedin.com/in/kritibirda/) • [Slack](https://owasp.slack.com/team/U08KZ9Z7MFX) • Country (Timezone)
+[GitHub](https://github.com/kritibirda) • [LinkedIn](https://www.linkedin.com/in/kritibirda/) • [Slack](https://owasp.slack.com/team/U08KZ9Z7MFX) • [India (IST)](https://time-time.net/time/new-delhi-india.php)
 
-*This section is reserved for the mentor to add their own description.*
+Kriti Birda is an AI/ML enthusiast interested in applying her skills to real-world challenges and modern software systems. She is an active open-source contributor who enjoys building reliable, well-tested tools and helping simplify complex concepts for the community. She is also a two-time Google Summer of Code contributor. She contributed to OSGeo (GRASS) in 2024 and to Python Software Foundation (OWHF) in 2025.
 
 ### Marie Wang
 

SPONSORSHIP.md

@@ -0,0 +1,112 @@
+# GitHub Sponsorship Program
+
+Thank you for your contributions to the OWASP Nest project! This document outlines how to set up GitHub Sponsors on your personal account as the first step toward participating in our Sponsorship Program.
+
+---
+
+## Phase 1 — Set Up GitHub Sponsors on Your Personal Account
+
+> [!NOTE]
+> **Official Docs:** [Setting up GitHub Sponsors for your personal account](https://docs.github.com/en/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)
+
+This is a one-time setup. GitHub needs to verify your identity and set up your payout method before your profile goes live.
+
+---
+
+### Step 1 — Check Your Eligibility & Region
+
+Contributors to open source - including mentorship - may be eligible, subject to GitHub Sponsors eligibility criteria. Check if your country is supported:
+
+- [Supported regions for GitHub Sponsors](https://docs.github.com/en/sponsors/receiving-sponsorships-through-github-sponsors/supported-regions-for-github-sponsors)
+
+If your region isn't listed yet, you can join the waitlist on the same page.
+
+---
+
+### Step 2 — Enable Two-Factor Authentication (2FA)
+
+GitHub requires 2FA before you can become a sponsored developer. If you haven't enabled it yet, go to **Settings → Password and authentication**.
+
+- [Configuring two-factor authentication](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)
+
+---
+
+### Step 3 — Apply for GitHub Sponsors
+
+Go to [github.com/sponsors](https://github.com/sponsors) → click **Get sponsored** → follow the prompts to complete your contact information. You will choose your payout method at this step (see Step 4).
+
+Once submitted, GitHub will review your application — this typically takes a few days, though it can take longer. If your application seems stuck, contact [GitHub Support](https://support.github.com) directly.
+
+---
+
+### Step 4 — Choose Your Payout Method
+
+> [!NOTE]
+> ⚠️ This must be decided at sign-up — it is difficult to change later.
+
+GitHub offers two options:
+
+#### Option A — Stripe Connect (bank account)
+
+Most common. Your bank account region must match your country of residence. Check the official GitHub Sponsors payout documentation and supported regions for full details.
+
+- [Stripe Connect cross-border payouts — supported countries](https://stripe.com/docs/connect/cross-border-payouts)
+- Double-check your identity info (name, date of birth) before submitting — it is difficult to update after the fact.
+
+#### Option B — Fiscal Host
+
+Best if Stripe isn't available in your country, or if you prefer not to connect a personal bank account. A fiscal host is an organization that receives funds on your behalf and pays you out through their system.
+
+You will need to register with your chosen fiscal host first, then select **"Use a fiscal host"** during GitHub Sponsors sign-up and provide your profile URL from that platform.
+
+GitHub currently supports these fiscal hosts:
+
+- [Open Source Collective](https://opencollective.com/opensource) *(most commonly used)*
+- [Hack Club](https://hackclub.com/fiscal-sponsorship/)
+- [NumFOCUS](https://numfocus.org/programs/fiscal-sponsorship)
+- [Open Collective Europe](https://opencollective.com/europe)
+- [Python Software Foundation](https://www.python.org/psf/)
+- [Radiant Earth](https://radiant.earth/)
+- [Software in the Public Interest](https://www.spi-inc.org/)
+- [Software Underground](https://softwareunderground.org/)
+
+> [!NOTE]
+> **Official Docs:** [Using a fiscal host to receive GitHub Sponsors payouts](https://docs.github.com/en/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts)
+
+---
+
+### Step 5 — Submit Your Tax Information
+
+After connecting your payout method, complete a tax form from your Sponsors dashboard:
+
+- **US residents:** Form W-9
+- **Non-US residents:** Form W-8BEN
+
+- [Tax information for GitHub Sponsors](https://docs.github.com/en/sponsors/receiving-sponsorships-through-github-sponsors/tax-information-for-github-sponsors)
+
+---
+
+### Step 6 — Submit for GitHub Review
+
+Click **Request approval** from your Sponsors dashboard. Once approved, your profile goes live at:
+
+```text
+https://github.com/sponsors/YOUR-USERNAME
+```
+
+---
+
+### Step 7 — Complete Your Sponsors Profile
+
+After approval, go to **your profile picture → Your sponsors → Dashboard → Profile details** and fill in the following:
+
+- **Short bio** — a brief description of who you are.
+- **Introduction** — describe your open source work. For example:
+
+  > *"I'm an OWASP Nest mentor with the Google Summer of Code, helping the next generation of open source security engineers build real-world skills."*
+
+---
+
+Once you have completed Phase 1 and your GitHub Sponsors profile is live, you are ready to proceed to the next steps in the OWASP Nest Sponsorship Program.
+
+If you have questions or run into any issues, feel free to open a discussion or reach out to the maintainers.

backend/apps/mentorship/api/internal/nodes/module.py

@@ -84,6 +84,9 @@ def issues(
         self, info: Info, limit: int = 20, offset: int = 0, label: str | None = None
     ) -> list[IssueNode]:
         """Return paginated issues linked to this module, optionally filtered by label."""
+        if not self.program or not self.program.user_has_access(info.context.request.user):
+            return []
+
         info.context.current_module = self
 
         # BULK load data
@@ -150,6 +153,9 @@ def available_labels(self) -> list[str]:
     @strawberry.field
     def issue_by_number(self, info: Info, number: int) -> IssueNode | None:
         """Return a single issue by its GitHub number within this module's linked issues."""
+        if not self.program or not self.program.user_has_access(info.context.request.user):
+            return None
+
         info.context.current_module = self
 
         return (

backend/entrypoint.sh

@@ -10,4 +10,13 @@ python manage.py migrate
 python manage.py collectstatic --noinput
 python manage.py clear_cache
 
-gunicorn wsgi:application --bind 0.0.0.0:8000
+gunicorn wsgi:application \
+  --access-logfile - \
+  --bind 0.0.0.0:8000 \
+  --error-logfile - \
+  --graceful-timeout "${GUNICORN_GRACEFUL_TIMEOUT:-60}" \
+  --max-requests "${GUNICORN_MAX_REQUESTS:-1000}" \
+  --max-requests-jitter "${GUNICORN_MAX_REQUESTS_JITTER:-50}" \
+  --threads "${GUNICORN_THREADS:-2}" \
+  --timeout "${GUNICORN_TIMEOUT:-60}" \
+  --workers "${GUNICORN_WORKERS:-3}"