v1.0.0
We finally added payments, which means JustAJobApp is now a real business and not just a very elaborate hobby. The onboarding flow got a full makeover, the navbar stopped being embarrassing, and paid subscribers can now enjoy auto-refresh twice a day instead of clicking Refresh like it's 2003.
Then we sent the app to strangers whose job it is to find everything wrong with it (the CASA Tier 2 security audit), and they did. So we spent a meaningful chunk of this release implementing AWS KMS, sanitizing inputs we probably should have sanitized earlier, stripping out insecure fallback logic that was doing its best, adding step-up authentication for CSV exports and the Coach view-as feature, fixing cache headers, rate limiting the deletion endpoint, and generally making sure the app fails securely instead of dramatically.
Dependabot also submitted four PRs and remains the most consistent contributor on the team. A Substack newsletter was correctly identified as not a job application and added to the exclusion list. Welcome to 1.0 — we hardened the security, softened the onboarding, and only mildly inconvenienced lodash.
What's Changed
- Add Stripe payments, onboarding flow, and navbar redesign by @lnovitz in #718
- Bump next from 15.5.9 to 16.1.5 in /frontend by @dependabot[bot] in #729
- Bump python-multipart from 0.0.18 to 0.0.22 in /backend by @dependabot[bot] in #728
- Bump lodash from 4.17.21 to 4.17.23 in /frontend by @dependabot[bot] in #725
- Bump protobuf from 5.29.5 to 6.33.5 in /backend by @dependabot[bot] in #730
- fix: add systemdesignone@substack.com to email exclusion filters by @shaominngqing in #733
- Feat: Add Premium Tier for Auto Refresh by @lnovitz in #735
- Add Stripe webhook secret input for backend deployment by @lnovitz in #746
- Bugfix/casa tier 2 by @lnovitz in #747
- Bump js-yaml from 4.1.0 to 4.1.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #748
- Bugfix/casa tier 2 (SAQ) by @lnovitz in #750
- Security: Implement strict Cache-Control directives (Fix CWE-525) by @lnovitz in #805
- Navbar UI by @code-qtzl in #734
- Casa Tier 2 Security Audit Questionnaire (SAQ) by @lnovitz in #806
- Step-Up Auth for CSV exports by @lnovitz in #808
- Rate limits deletion endpoint, remove insecure fallback logic by @lnovitz in #809
- Fail securely including when an exception occurs by @lnovitz in #810
- Step-Up Authentication for the Coach X-View-As feature by @lnovitz in #811
- Sanitize Input Data Server-Side by @lnovitz in #812
- Security: AWS KMS, refactor creds management, sanitize csv output, validator file by @lnovitz in #813
- Limits by @lnovitz in #824
New Contributors
- @shaominngqing made their first contribution in #733
Full Changelog: v0.9.0...v1.0.0