a66583b883
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
...
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
2026-04-19 00:24:10 +00:00
4a7d5131fc
Merge pull request #225 from cartsnitch/dev
...
Promote dev to UAT: bcrypt cost factor fix
2026-04-19 00:04:07 +00:00
56b1ff9a36
Merge pull request #220 from cartsnitch/fix/car-656-deploy-commit-guard
...
fix(deploy): guard commit step against no-op changes (CAR-674)
2026-04-19 00:03:32 +00:00
b660336897
Merge pull request #215 from cartsnitch/fix/car-663-bcrypt-cost-factor
...
fix: increase bcrypt cost factor from 10 to 12
2026-04-19 00:02:28 +00:00
af713f422b
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
...
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
2026-04-18 23:59:42 +00:00
55ab0b7ceb
Merge pull request #223 from cartsnitch/dev
...
chore: promote dev to UAT (Grype ignores + cache-bust)
2026-04-18 03:55:23 +00:00
93a94e9777
Merge pull request #214 from cartsnitch/fix/car-620-grype-ignore-and-cache-bust
...
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
2026-04-18 03:55:06 +00:00
1bb669f3ca
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 21:53:34 +00:00
82978f072b
fix(deploy): guard commit step against no-op changes
...
Guard the infra commit step in deploy-dev and deploy-uat jobs with
`git diff --cached --quiet` to prevent CI failure when kustomization
has no actual image tag changes.
Refs: CAR-674
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 21:51:46 +00:00
9ba745b5a9
fix: increase bcrypt cost factor from 10 to 12
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 21:50:09 +00:00
c13e640864
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 21:50:09 +00:00
c7b7494151
fix: e2e route mocking and color contrast accessibility ( #221 )
...
Fixes CAR-673, CAR-676. Replaces VITE_MOCK_AUTH with Playwright route mocking for all e2e tests. Fixes color contrast (text-gray-400 → text-gray-600).
2026-04-15 21:49:55 +00:00
f023480100
chore: promote UAT to production (CAR-662, audit logging middleware)
...
chore: promote UAT to production (CAR-662, audit logging middleware)
2026-04-15 04:29:39 +00:00
9acaf5e83a
Merge branch 'main' into uat
2026-04-15 04:17:24 +00:00
4e10c75fd0
Merge pull request #217 from cartsnitch/dev
...
Promote to UAT: ESLint lint fix (PR #216 )
2026-04-15 04:04:25 +00:00
ffdc26cce5
Merge pull request #216 from cartsnitch/fix/car-665-eslint-unused-vars
...
fix: remove unused navigate variable from Register.tsx
2026-04-15 03:59:45 +00:00
2e96e8f0a7
fix: remove unused navigate variable from Register.tsx
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 03:57:01 +00:00
88ac74e94c
Merge pull request #213 from cartsnitch/dev
...
Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification
2026-04-15 03:33:42 +00:00
66279716ba
feat(auth): enable email verification with Resend ( #173 )
...
feat(auth): enable email verification with Resend
2026-04-15 03:32:23 +00:00
15ab4ed38c
feat(api): implement Redis cache get/set/delete with TTL support ( #195 )
...
feat(api): implement Redis cache get/set/delete with TTL support
2026-04-15 03:32:11 +00:00
fbd77a9434
fix: remove VITE_MOCK_AUTH bypass from production code ( #193 )
...
fix: remove VITE_MOCK_AUTH bypass from production code
2026-04-15 03:32:02 +00:00
fef5e86645
feat: Redis-backed rate limiting with stricter auth limits ( #194 )
...
feat: Redis-backed rate limiting with stricter auth limits
2026-04-15 03:31:42 +00:00
cf39ed1dcd
fix: update vite to 6.4.2 to patch high-severity vulnerabilities ( #191 )
...
fix: update vite to 6.4.2 to patch high-severity vulnerabilities
2026-04-15 03:31:34 +00:00
71e2978f52
Enable Better-Auth email verification with Resend
...
- Add emailVerification.sendVerificationEmail config to auth/src/auth.ts
using Resend to send verification emails on sign-up
- Add resend npm package to auth/package.json
- Update auth/.env.example with RESEND_API_KEY and FROM_EMAIL
- Create VerifyEmail.tsx page with token verification flow,
spinner UX, success/Error states, and resend option
- Update Register.tsx to redirect to /verify-email after signup
instead of auto-navigating to dashboard
- Add /verify-email route to App.tsx
- Frontend shows 'check your email' step after registration
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 03:30:48 +00:00
4945ac71ae
feat(auth): enable email verification with Resend
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 03:30:44 +00:00
53ffef0ed1
Merge pull request #212 from cartsnitch/dev
...
Promote to UAT: input validation + audit logging (PR #171 , #183 )
2026-04-15 03:30:04 +00:00
5308923136
feat(api): add input validation on public endpoints ( #171 )
...
feat(api): add input validation on public endpoints
2026-04-15 03:26:38 +00:00
bdaca519f6
feat: implement audit logging middleware for sensitive API operations ( #183 )
...
feat: implement audit logging middleware for sensitive API operations
2026-04-15 03:23:37 +00:00
cfad4eab37
Merge pull request #211 from cartsnitch/dev
...
Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)
2026-04-15 03:22:50 +00:00
90e23ac592
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans ( #207 )
...
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans
2026-04-15 03:18:13 +00:00
d8e7a416d2
chore: promote UAT to production (CAR-630)
...
Promotes UAT to main including PR #209 (N+1 UPC query fix with SQL containment).
UAT regression: passed (Deal Dottie)
Security review: passed (Stockboy Steve)
CI required checks: all green
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 02:16:12 +00:00
c03e599ae3
feat: Redis-backed rate limiting with stricter auth limits
...
- Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60) settings
- Add rate_limit_redis_enabled flag for opt-in Redis usage
- Refactor _SlidingWindowCounter into InMemorySlidingWindow class
- Add RedisSlidingWindow using sorted sets with fallback to in-memory
- Add third _auth_strict_limiter for POST /auth/* paths (5 req/min)
- Add protocol-based backend selection at module load time
- Update tests for auth strict limiter and Redis fallback behavior
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 02:10:02 +00:00
f051e4b4af
chore: promote dev to UAT
...
chore: promote dev to UAT
2026-04-15 02:00:15 +00:00
908ebde4c6
fix: replace N+1 UPC query with SQL containment in normalization ( #175 )
...
fix: replace N+1 UPC query with SQL containment in normalization
2026-04-15 02:00:04 +00:00
c715c0e47a
chore: promote uat to production (Grype image vulnerability scanning)
...
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.
- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 01:14:35 +00:00
a0eef27944
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans
2026-04-15 00:51:53 +00:00
c968088a3f
Merge pull request #208 from cartsnitch/dev
...
promote: dev → uat (Grype only-fixed flag)
2026-04-15 00:46:24 +00:00
bb50ddc85d
Merge pull request #206 from cartsnitch/fix/car-620-grype-only-fixed
...
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
2026-04-15 00:46:10 +00:00
bd2e8feff6
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 00:28:56 +00:00
2b32bfdfe1
chore: promote dev to UAT (CAR-616 Docker CVE remediation) ( #205 )
...
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
2026-04-14 23:57:52 +00:00
1e8223caeb
fix: remediate high-severity CVEs in Docker images ( #204 )
...
fix: remediate high-severity CVEs in Docker images
2026-04-14 23:57:40 +00:00
e1d77d7789
fix: remediate high-severity CVEs in Docker images
...
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies
Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-14 23:51:42 +00:00
16200c5500
Merge branch 'main' into uat
2026-04-14 23:31:58 +00:00
1803d09095
Promote dev to UAT: Grype image vulnerability scanning
...
Promote dev to UAT: Grype image vulnerability scanning
2026-04-14 23:25:47 +00:00
8592701382
feat(ci): add Grype image vulnerability scanning to all Docker builds
...
feat(ci): add Grype image vulnerability scanning to all Docker builds
2026-04-14 23:25:17 +00:00
17447fb5e1
feat(ci): add Grype image vulnerability scanning to all Docker builds
2026-04-14 23:13:47 +00:00
e29bad9a39
chore: promote uat to production (auth health check DB connectivity fix) ( #200 )
...
chore: promote uat to production (auth health check DB connectivity fix)
2026-04-14 16:53:08 +00:00
349b519a00
Merge pull request #199 from cartsnitch/dev
...
chore: promote dev to uat (auth health check DB connectivity fix)
2026-04-14 16:39:50 +00:00
b274fdff8e
Merge pull request #198 from cartsnitch/fix/car-608-auth-health-check
...
fix: restore DB connectivity check to auth health endpoint
2026-04-14 16:39:18 +00:00
a64dc7ab5e
fix: restore DB connectivity check to auth health endpoint
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-14 16:35:24 +00:00
cartsnitch-ceo[bot]