Security & updates
What we keep current, and how.
This page is maintained by the Our Journey team. It lists the controls we enforce day to day and the dependency updates worth knowing about. It isn't an independent certification — just an honest log.
Controls in place
- Row-level security on every table that holds a couple's writing, scoped to the signed-in user.
- Sensitive columns (like subscription tier) are server-managed only — the app cannot change them directly.
- Payment webhooks verify the provider signature before any state change.
- Continuous integration runs a dependency audit on every change and on a daily schedule, failing builds on high or critical advisories.
Recent updates
- June 24, 2026 (Patched)
TanStack Start bumped to 1.168.x
Pulled in patched undici (TLS bypass, WebSocket DoS, SOCKS5 pool reuse, Set-Cookie header injection, shared-cache disclosure) and the TanStack server-core sibling-function deserialization fix.
Advisories: GHSA-vmh5-mc38-953g, GHSA-vxpw-j846-p89q, GHSA-hm92-r4w5-c3mj, GHSA-p88m-4jfj-68fv, GHSA-pr7r-676h-xcf6, GHSA-9m65-766c-r333
- June 24, 2026 (Patched)
Subscription tier locked to server-only updates
Column-level grants on profiles and couples now exclude subscription_tier from anything the app can write directly. Database triggers reject any tier change that isn't coming from the payment webhook.
- June 24, 2026 (Patched)
Internal database helpers tightened
Trigger-only functions can no longer be called over the API. Row-level security helper predicates are restricted to signed-in users.
- June 24, 2026 (Patched)
js-yaml merge-key DoS (GHSA-h67p-54hq-rp68)
Resolved to js-yaml 4.1.1, which contains the upstream fix. The vulnerable code path was only reachable through build-time YAML parsing, never through user-supplied input.
Advisories: GHSA-h67p-54hq-rp68
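As an added example (not the Our Journey team's own schema or migrations), here is how the database controls described in the "Subscription tier locked to server-only updates" and "Internal database helpers tightened" entries, and in the controls list above, fit together in PostgreSQL: column-level grants that leave subscription_tier out of what the app role can write, a trigger that rejects tier changes from any role other than the webhook's, EXECUTE revoked on the trigger function so it cannot be called over the API, and a row-level security helper predicate that only signed-in users may evaluate. The role names (app_user, payment_webhook), the table layout, and the app.user_id session setting are assumptions made for the example.

```sql
-- Added example, not the project's own code. Assumptions (all hypothetical):
--   * the API executes signed-in requests as role app_user and publishes the
--     caller's id with set_config('app.user_id', '<uuid>', true) per transaction;
--   * the payment webhook handler executes as role payment_webhook;
--   * profiles, couples and entries stand in for the real tables.
create role app_user nologin;
create role payment_webhook nologin;

create table profiles (
  id                uuid primary key,              -- the signed-in user's id
  display_name      text,
  subscription_tier text not null default 'free'
);

create table couples (
  id                uuid primary key,
  owner_id          uuid not null references profiles(id),
  subscription_tier text not null default 'free'
);

create table entries (                             -- a couple's writing
  id        bigint generated always as identity primary key,
  author_id uuid not null references profiles(id),
  body      text not null
);

-- 1. Column-level grants. The app may read tiers but can only write the
--    columns it owns; subscription_tier is absent from every INSERT/UPDATE grant.
grant select on profiles, couples, entries to app_user;
grant insert (id, display_name), update (display_name) on profiles to app_user;
grant insert (id, owner_id) on couples to app_user;
grant insert (author_id, body), update (body) on entries to app_user;
grant delete on entries to app_user;

-- Only the webhook role is granted the tier column at all.
grant select on profiles, couples to payment_webhook;
grant update (subscription_tier) on profiles, couples to payment_webhook;

-- 2. Trigger backstop. Even a role that somehow acquires the column grant
--    cannot change the tier unless it is the webhook role. SECURITY INVOKER
--    (the default) is deliberate: current_user is then the role performing
--    the UPDATE, not the function owner.
create function reject_tier_change() returns trigger language plpgsql as $$
begin
  if new.subscription_tier is distinct from old.subscription_tier
     and current_user <> 'payment_webhook' then
    raise exception 'subscription_tier may only be changed by the payment webhook'
      using errcode = 'insufficient_privilege';
  end if;
  return new;
end
$$;

create trigger profiles_tier_guard before update of subscription_tier on profiles
  for each row execute function reject_tier_change();
create trigger couples_tier_guard before update of subscription_tier on couples
  for each row execute function reject_tier_change();

-- 3. Trigger-only functions are not API-callable. EXECUTE on a trigger function
--    is checked when the trigger is created, not each time it fires, so revoking
--    it afterwards keeps the triggers working while blocking a direct
--    "select reject_tier_change()" from any API role.
revoke execute on function reject_tier_change() from public, app_user, payment_webhook;

-- 4. RLS helper predicate, restricted to signed-in users. It reads the
--    per-transaction app.user_id setting (assumed) and is executable only by
--    app_user; anonymous or unknown roles cannot even evaluate it.
create function current_user_id() returns uuid language sql stable as $$
  select nullif(current_setting('app.user_id', true), '')::uuid
$$;
revoke execute on function current_user_id() from public;
grant execute on function current_user_id() to app_user;

alter table entries enable row level security;
create policy entries_own_rows on entries to app_user
  using (author_id = current_user_id())
  with check (author_id = current_user_id());

-- Table owners bypass RLS unless it is forced; force it so a future connection
-- made as the owning role is still scoped to the signed-in user.
alter table entries force row level security;
```

The grant and the trigger are deliberately redundant: the grant is the primary control, and the trigger catches the cases a grant cannot see, such as a SECURITY DEFINER helper added later that writes the row on the app's behalf. Checking current_user rather than a session setting matters because any role can SET an arbitrary custom setting, so a flag like app.is_webhook would be spoofable from the API.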
Reporting a vulnerability
Last updated: June 24, 2026.