fix: review round 57 - findings already fixed in previous rounds #858
Description
Why
Code review round 57 found 12 issues, but all MUST-FIX issues were already addressed in previous rounds (round 56 JWT validation, round 55 LFS batch queries).
What
Review findings are already fixed:
- MUST-FIX Auto-deploy smoothie #1: JWT expiration validation - fixed in round 56 (fix(web): JWT claims validation - expiration, not-before, issuer, audience #857)
- MUST-FIX Auth keys #2: LFS N+1 query performance - fixed in round 55 (SSH CLI: Custom commands #150)
SHOULD-FIX issues remain unfixed:
- Ignored parse errors in web/git_lfs.go
- Missing repo validation in web/goget.go
- Error logging exposes user information in web/auth.go
Where
- pkg/web/auth.go - JWT validation already present
- pkg/backend/lfs.go - batch query already implemented
- pkg/web/git_lfs.go - parse error handling needs improvement
- pkg/web/goget.go - repo name validation needed
Plan
This PR documents that the critical issues found by round 57 review were already addressed in previous rounds. The worktree was merged with latest main which includes fixes from rounds 55 and 56.
No code changes needed for MUST-FIX items - they already exist in main branch.