Add changelog entry for bug-audit batch

MaxGhenis · MaxGhenis · commit a21e4273a7e1 · 2026-04-17T09:15:44.000-04:00
diff --git a/changelog_entry.yaml b/changelog_entry.yaml
@@ -0,0 +1,14 @@
+- bump: patch
+  changes:
+    fixed:
+    - Flatten every (entity, variable, period) triple in flatten_variables_from_household (#1462).
+    - Tighten /calculate_demo rate limit from 1/second to 1/10 seconds (#1463).
+    - Stop unconditionally wiping the analytics SQLite DB and fix the sqlite:// URI (#1464).
+    - Restrict CORS to PolicyEngine origins by default (#1465).
+    - Replace invalid ConnectionError(description=...) with a GCPError class (#1466).
+    - Keep "0"/"1" env-var values as integers instead of collapsing to False/True (#1467).
+    - Verify JWT signatures in the analytics decorator and drop datetime.utcnow (#1468).
+    - Re-raise tracer failures in PolicyEngineCountry.calculate so the endpoint can return a real 500 (#1469).
+    - Validate /calculate payloads and cap axes scans; add per-endpoint rate limit (#1470).
+    - Time-bound and lazy-load the Auth0 JWKS fetch so a startup outage doesn't crash the API (#1471).
+    - Replace deprecated dpath.util.search with dpath.search (#1472).
