null
|
88c1374d97
|
v028.0
|
2026-05-16 10:56:56 -05:00 |
null
|
59d9d21d4c
|
v0.28.0
|
2026-05-16 10:34:32 -05:00 |
null
|
0ba315bd32
|
v0.28.0
|
2026-05-15 22:45:38 -05:00 |
null
|
263f1c5e6e
|
v0.27.04
|
2026-05-15 01:36:56 -05:00 |
null
|
576163e85b
|
apr/snowball 0.27.04
|
2026-05-15 00:03:32 -05:00 |
null
|
eea5641126
|
snowball visuals
|
2026-05-14 19:33:23 -05:00 |
null
|
440f872d97
|
snowball bug fixes
|
2026-05-14 03:00:01 -05:00 |
null
|
7d2d0bf45e
|
0.28.0 snowball release
|
2026-05-14 02:11:54 -05:00 |
null
|
24b4e8d24e
|
refactor: extract bills.js business logic into services/billsService.js (Phase 1)
|
2026-05-11 12:12:31 -05:00 |
null
|
c1ac14efe3
|
v0.24.4: analytics mobile layout + previous month payment toggle
|
2026-05-11 11:56:49 -05:00 |
null
|
80b3bcc17b
|
fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0)
HIGH:
- Admin toggle-paid: removed cross-user admin branch, now requires ownership
- Analytics crash: imported missing standardizeError
- Export data loss: added cycle_type, cycle_day, bill_history_ranges to exports
- Single-user lockout: removed unnecessary sessions join from getSingleModeUser
MEDIUM:
- Password rate limiter: scoped to change-password only, not all profile routes
- Profile session invalidation: fixed req.sessionId → req.cookies[COOKIE_NAME]
- CSRF default: httpOnly now defaults to false (matches SPA double-submit pattern)
- CSRF password routes: removed csrfSkip for password change endpoints
- Notification due-day: calendar day comparison instead of timestamp floor
- Upcoming bills: clamped days to 1-365, default 30 for invalid input
FUTURE.md: marked all 10 items as FIXED, bumped version refs
HISTORY.md: added v0.24.0 entry
|
2026-05-10 15:25:47 -05:00 |
null
|
bd796d61c0
|
v0.20.8: Billing cycle sub-categories + server-side cycle_day validation
- Migration v0.46: cycle_type (monthly/weekly/biweekly/quarterly/annual) and cycle_day columns
- Server-side validation: cycle_type whitelist, cycle_day validated per type
- monthly: 1-31 integer
- weekly/biweekly: day name enum
- quarterly/annual: free text (max 50 chars)
- BillModal UI: conditional cycle_day selector (ordinal/weekday/text)
- Hudson audit: 4/5 PASS, fixed medium-risk cycle_day validation gap
|
2026-05-10 00:39:11 -05:00 |
kaspa
|
4d1709aea3
|
push
|
2026-05-09 13:03:36 -05:00 |
_null
|
b9d1366d46
|
initial commit
|
2026-05-03 19:51:57 -05:00 |