auto-claude: 2.7 - Replace hardcoded password in update_social_media.py with environment variable

- Removed hardcoded DATABASE_URL assignment with 'NordaBiz2025Secure' password
- Added comprehensive warning comment about CWE-798 security vulnerability
- Script now relies on DATABASE_URL environment variable or safe fallback from database.py
- Follows same security pattern as other updated scripts (run_migration.py, etc.)

update_social_media.py

@@ -12,8 +12,11 @@ import json
 import sys
 from datetime import datetime
 
-# Force production database
-os.environ['DATABASE_URL'] = 'postgresql://nordabiz_app:NordaBiz2025Secure@localhost:5432/nordabiz'
+# Database connection: Use environment variable DATABASE_URL
+# WARNING: DATABASE_URL must be set before running this script.
+# Example: export DATABASE_URL='postgresql://nordabiz_app:PASSWORD@localhost:5432/nordabiz'
+# The database module will fall back to a safe placeholder if not set.
+# NEVER commit real credentials to version control (CWE-798).
 
 from database import SessionLocal, Company, CompanySocialMedia
 from sqlalchemy import func