Joined on 2026-05-03
null closed issue null/BillTracker#85 2026-05-31 15:36:21 -05:00
LOW: Auto-generated encryption key stored in same SQLite database as encrypted data
null pushed to dev at null/BillTracker 2026-05-31 15:06:14 -05:00
31bafb0e55 0.34.3
null closed issue null/BillTracker#77 2026-05-31 15:05:59 -05:00
MEDIUM: TrackerPage.jsx is 2386 lines with 44 hooks - maintainability and re-render risks
null commented on issue null/BillTracker#76 2026-05-31 14:24:28 -05:00
MEDIUM: 10x .catch(() => {}) silently swallowing errors in client code

closed v0.34.2.1

null closed issue null/BillTracker#76 2026-05-31 14:24:28 -05:00
MEDIUM: 10x .catch(() => {}) silently swallowing errors in client code
null commented on issue null/BillTracker#75 2026-05-31 14:00:35 -05:00
MEDIUM: Floating-point REAL type for monetary amounts in SQLite

closed v0.34.2.1

null closed issue null/BillTracker#75 2026-05-31 14:00:35 -05:00
MEDIUM: Floating-point REAL type for monetary amounts in SQLite
null commented on issue null/BillTracker#74 2026-05-31 13:23:15 -05:00
HIGH: No explicit JSON body size limit on express.json() - default 100KB

closed v0.34.2.1

null closed issue null/BillTracker#74 2026-05-31 13:23:15 -05:00
HIGH: No explicit JSON body size limit on express.json() - default 100KB
null closed issue null/BillTracker#65 2026-05-31 13:19:41 -05:00
Add Bill link should always be visible at top, not only under Tracker tab
null commented on issue null/BillTracker#73 2026-05-31 13:14:17 -05:00
HIGH: No process-level unhandledRejection/uncaughtException handler

close v0.34.2.1 (line 155)

null closed issue null/BillTracker#73 2026-05-31 13:14:17 -05:00
HIGH: No process-level unhandledRejection/uncaughtException handler
null closed issue null/BillTracker#63 2026-05-31 13:12:42 -05:00
Overview page — Upcoming bills field hard to read
null commented on issue null/BillTracker#72 2026-05-31 13:12:16 -05:00
HIGH: Payment UPDATE/DELETE lack user_id in WHERE clause (defense-in-depth)

closed v0.34.2.1

null closed issue null/BillTracker#72 2026-05-31 13:12:16 -05:00
HIGH: Payment UPDATE/DELETE lack user_id in WHERE clause (defense-in-depth)
null commented on issue null/BillTracker#71 2026-05-31 13:09:22 -05:00
HIGH: SQL injection surface in analyticsService.js - string interpolation in WHERE clause

Both patterns are safe and no changes are needed. The report confused "string interpolation of SQL fragments" (safe, it's just building the query structure) with "string interpolation of user…

null closed issue null/BillTracker#71 2026-05-31 13:09:22 -05:00
HIGH: SQL injection surface in analyticsService.js - string interpolation in WHERE clause
null commented on issue null/BillTracker#70 2026-05-31 13:07:18 -05:00
CRITICAL: Incomplete user deletion - orphaned data risk

closed v0.34.2.1