groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

dev → uat: portal photoKey S3 key-hijack fix (GRO-2187/GRO-2198) #173

Merged
Flea Flicker merged 3 commits from dev into uat 2026-06-08 12:39:52 +00:00
Conversation 0 Commits 3 Files Changed 9
+619 -29
Flea Flicker commented 2026-06-08 12:39:46 +00:00
Member
Copy Link
Copy Source

Promotes the Security remediation for the GRO-2187 portal pet PATCH (HIGH S3 key-hijack, CTO-ratified) to uat.

Scope (dev is already in sync with uat for GRO-2154 geocoding): this promotion carries the #172 fix — drop writable photoKey from PATCH /portal/pets + length/array caps + regression tests — and a 2-line UAT_PLAYBOOK doc edit.

After merge: uat CI builds a new image → bump UAT GitOps overlay tag → Flux rollout → Security re-runs the gate and Shedward re-runs §4.8/§5.23. Refs GRO-2198, GRO-1480.

Promotes the Security remediation for the GRO-2187 portal pet PATCH (HIGH S3 key-hijack, CTO-ratified) to `uat`. Scope (dev is already in sync with uat for GRO-2154 geocoding): this promotion carries the [#172](https://git.farh.net/groombook/api/pulls/172) fix — drop writable `photoKey` from `PATCH /portal/pets` + length/array caps + regression tests — and a 2-line UAT_PLAYBOOK doc edit. After merge: uat CI builds a new image → bump UAT GitOps overlay tag → Flux rollout → Security re-runs the gate and Shedward re-runs §4.8/§5.23. Refs GRO-2198, GRO-1480.
Flea Flicker added 3 commits 2026-06-08 12:39:47 +00:00
fix(ci): GRO-2197 api lint/typecheck/test run root scripts (de-false-green) (#169)
CI / Test (push) Successful in 25s
Details
CI / Lint & Typecheck (push) Successful in 30s
Details
CI / Build & Push Docker Images (push) Successful in 3m23s
Details
eec198a661
feat(GRO-2154): geocoding endpoints + auto-geocode on client mutations (#170)
CI / Test (push) Successful in 28s
Details
CI / Test (pull_request) Successful in 23s
Details
CI / Lint & Typecheck (pull_request) Successful in 26s
Details
CI / Build & Push Docker Images (pull_request) Successful in 25s
Details
CI / Lint & Typecheck (push) Failing after 14m33s
Details
CI / Build & Push Docker Images (push) Has been skipped
Details
582c376df9
fix(portal): drop writable photoKey from PATCH /portal/pets — S3 key-hijack (GRO-2187/GRO-2198) (#172)
CI / Test (push) Successful in 24s
Details
CI / Lint & Typecheck (push) Successful in 26s
Details
CI / Build & Push Docker Images (push) Successful in 29s
Details
CI / Lint & Typecheck (pull_request) Successful in 24s
Details
CI / Test (pull_request) Successful in 30s
Details
CI / Build & Push Docker Images (pull_request) Successful in 44s
Details
14d7889ec0
Flea Flicker merged commit 8cf72d926d into uat 2026-06-08 12:39:52 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: groombook/api#173
Delete Branch "dev"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?