fix: resolve SonarQube findings and sync version to 0.8.0 #62
Merged
Sagargupta16 merged 2 commits into main from Mar 14, 2026
- Sync version to 0.8.0 across root package.json (was 1.0.0), frontend package.json (was 0.0.0), and backend pyproject.toml (was 0.1.0)
- Fix ruff target-version from py311 to py312 to match mypy and CI
- Remove redundant autoprefixer (Tailwind CSS 4 handles prefixing)

Security:
- Replace hardcoded dev JWT secrets with secrets.token_urlsafe()
- Fix SQL injection in migration (f-string -> parameterized sa.text)
- Wrap unhandled localStorage.setItem in try/catch

Code quality:
- Add logger.debug to swallowed OSError catches in main.py and upload.py
- Add console.warn to 18 silent catch blocks across frontend
- Replace manual day-of-month logic with calendar.monthrange()
- Remove dead _apply_earning_start_date backward-compat alias
- Remove duplicated localStorage helpers in BillCalendarPage

Accessibility:
- Add tabIndex, onKeyDown, aria-sort to sortable th in NetWorthPage, InvestmentAnalyticsPage, TrendsForecastsPage
- Add role="button", tabIndex, onKeyDown, aria-expanded to clickable tr in NetWorthPage
- Add role="button", tabIndex, onKeyDown, aria-label to clickable motion.div in CategoryBreakdown



Summary
- secrets.token_urlsafe(), fix SQL injection in migration (f-string -> parameterized sa.text()), wrap unhandled localStorage.setItem in try/catch
- calendar.monthrange(), remove dead backward-compat alias, deduplicate localStorage helpers in BillCalendarPage
- tabIndex, onKeyDown, aria-sort to 7 sortable <th> elements, role="button" + aria-expanded to clickable <tr>, aria-label to clickable <motion.div> in CategoryBreakdown

Test plan
- pnpm run type-check passes
- pnpm run lint passes (0 errors)
- pnpm run build succeeds
- uv run ruff check . passes