This repository has been archived on 2026-05-24.
groombook-ci[bot] 06c840ff0e fix(api): replace lte() with inArray() in portal queries — data leak
CRITICAL data leak: portal queries used lte(id, maxId) to fetch related
entities, which returned ALL records with ID ≤ maxId — leaking other clients'
pets, staff, and invoice line items.

Fixed all three occurrences:
- pets: lte(pets.id, maxId) → inArray(pets.id, petIds)
- staff: lte(staff.id, maxId) → inArray(staff.id, staffIds)
- invoiceLineItems: lte(invoiceId, maxId) → inArray(invoiceId, invoiceIds)

Also added inArray to @groombook/db re-exports from drizzle-orm.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-29 03:16:24 +00:00
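
The failure mode the commit message above describes, reproduced as an added example over constructed in-memory rows; it is not code from this repository. The table shapes, the `clientId` column, the way `maxId` is derived, and all helper names are assumptions, and `lteId` / `inIds` are plain-JavaScript stand-ins for the `lte()` and `inArray()` predicates.

```javascript
// Constructed sample rows: two portal clients whose pet IDs interleave.
const pets = [
  { id: 1, clientId: "client-a", name: "Biscuit" },
  { id: 2, clientId: "client-b", name: "Mochi" },
  { id: 3, clientId: "client-b", name: "Pepper" },
  { id: 4, clientId: "client-a", name: "Rex" },
  { id: 5, clientId: "client-b", name: "Juno" },
];
const appointments = [
  { id: 10, clientId: "client-a", petId: 1 },
  { id: 11, clientId: "client-a", petId: 4 },
  { id: 12, clientId: "client-b", petId: 5 },
];

// Stand-ins for the two predicates: id <= maxId versus id IN (ids).
const lteId = (maxId) => (row) => row.id <= maxId;
const inIds = (ids) => {
  const wanted = new Set(ids);
  return (row) => wanted.has(row.id);
};

// Pet IDs referenced by the caller's own appointments (assumed source of the IDs).
function referencedPetIds(clientId) {
  const own = appointments.filter((a) => a.clientId === clientId);
  return [...new Set(own.map((a) => a.petId))];
}

// "Before" shape: range predicate up to the largest referenced ID.
function relatedPetsByMaxId(clientId) {
  const petIds = referencedPetIds(clientId);
  if (petIds.length === 0) return [];
  return pets.filter(lteId(Math.max(...petIds)));
}

// "After" shape: exact membership in the referenced ID set.
function relatedPetsByIdList(clientId) {
  const petIds = referencedPetIds(clientId);
  if (petIds.length === 0) return []; // nothing referenced: skip the lookup
  return pets.filter(inIds(petIds));
}

// Regression check for a portal test suite: rows not owned by the caller.
function foreignRows(rows, clientId) {
  return rows.filter((r) => r.clientId !== clientId);
}
```

A check like `foreignRows(...)` returning an empty list for every related-entity query is the assertion that would have caught the range predicate in a multi-tenant test fixture.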