Commit Graph

5909 Commits

Author SHA1 Message Date
dependabot[bot]
7ae218f558
Bump react-router-dom from 6.4.5 to 6.7.0 in /Plan/react/dashboard (#2836)
Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 6.4.5 to 6.7.0.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@6.7.0/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router-dom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 18:42:57 +02:00
dependabot[bot]
5f66370ec9
Bump io.swagger.core.v3.swagger-gradle-plugin in /Plan (#2824)
Bumps io.swagger.core.v3.swagger-gradle-plugin from 2.2.7 to 2.2.8.

---
updated-dependencies:
- dependency-name: io.swagger.core.v3.swagger-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 18:31:21 +02:00
dependabot[bot]
468aada307
Bump swaggerVersion from 2.2.7 to 2.2.8 in /Plan (#2826)
Bumps `swaggerVersion` from 2.2.7 to 2.2.8.

Updates `swagger-core-jakarta` from 2.2.7 to 2.2.8

Updates `swagger-jaxrs2-jakarta` from 2.2.7 to 2.2.8

---
updated-dependencies:
- dependency-name: io.swagger.core.v3:swagger-core-jakarta
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.swagger.core.v3:swagger-jaxrs2-jakarta
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 18:31:07 +02:00
dependabot[bot]
446a4c1cb3
Bump mockitoVersion from 4.11.0 to 5.0.0 in /Plan (#2835)
Bumps `mockitoVersion` from 4.11.0 to 5.0.0.

Updates `mockito-core` from 4.11.0 to 5.0.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.11.0...v5.0.0)

Updates `mockito-junit-jupiter` from 4.11.0 to 5.0.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.11.0...v5.0.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 18:27:48 +02:00
dependabot[bot]
1c1aa08948
Bump mysql-connector-java from 8.0.31 to 8.0.32 in /Plan (#2834)
Bumps mysql-connector-java from 8.0.31 to 8.0.32.

---
updated-dependencies:
- dependency-name: mysql:mysql-connector-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 18:16:02 +02:00
dependabot[bot]
7a44a91546
Bump axios from 1.2.2 to 1.2.3 in /Plan/react/dashboard (#2837)
Bumps [axios](https://github.com/axios/axios) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 18:15:43 +02:00
Aurora Lahtela
1f1a8e0de2 Unregister placeholder extension when Plan disables
Affects issues:
- Fixed #2833
2023-01-17 17:52:12 +02:00
AuroraLS3
75e9057919 Update versions.txt 5.5 build 2172 - CRITICAL security vulnerability fix 2023-01-15 08:43:42 +00:00
Aurora Lahtela
9e11d9f484 Removed untrusted data from exception messages in case they end up on the webpage 2023-01-15 10:04:10 +02:00
Aurora Lahtela
f20a04809c Test against and identify path traversal vulnerability in other methods 2023-01-15 09:30:30 +02:00
Aurora Lahtela
b0a1bc1fb1 Prevent malicious join address packet from breaking session serialization 2023-01-15 09:01:28 +02:00
Aurora Lahtela
38785a9505 Added Untrusted-annotation to be more careful around user given data
- Fixed SQL-injection vulnerability in an endpoint
- Fixed XSS on Whitelist deny 403 page
- Fixed XSS on Internal Error 500 page if untrusted data ends up in exception message
2023-01-14 23:25:35 +02:00
Aurora Lahtela
82274ae658 Fix issue due to 'None' translation in FI language 2023-01-14 12:12:45 +02:00
Aurora Lahtela
bd85f10c55 Fix customized resource lookup Path Traversal vulnerability
Affects issues:
- Fixed #2830
2023-01-13 23:23:12 +02:00
Aurora Lahtela
205692af65 Updated Finnish Locale 2023-01-08 14:47:25 +02:00
Aurora Lahtela
4580666426 Update locale files with new language 2023-01-08 14:09:45 +02:00
AuroraLS3
c8e720cd24 Update versions.txt 5.5 build 2163 2023-01-07 10:09:22 +00:00
Aurora Lahtela
5ba6e0dc9f Fix concurrency issues with json cache and database 2023-01-07 11:45:58 +02:00
Aurora Lahtela
9622f6a614
Disable BadAFKThresholdValuePatch 2023-01-06 23:06:17 +02:00
Aurora Lahtela
97b9a18cea Catch session deserialization errors during enable 2023-01-06 19:40:04 +02:00
dependabot[bot]
85b4a51515
Bump json5 from 1.0.1 to 1.0.2 in /Plan/react/dashboard (#2817)
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-06 15:24:46 +02:00
Aurora Lahtela
e660655136 Disable ReverseProxyRegressionTest 2023-01-06 14:41:50 +02:00
Aurora Lahtela
aa897fe8de Implemented support for reverse-proxy subdirectory addresses
Reverse proxied version of React website now works
when subdirectory address is used (eg. /plan/...)

The functionality was unit tested to ensure things work
2023-01-06 14:24:18 +02:00
Aurora Lahtela
5082f80030 Implemented support for subdirectory addresses
Export of React version of frontend now supports exporting to a subdirectory
So now you can access exported site at /plan/... if it is hosted there.

This might impact reverse proxy setups positively, but that has not yet been tested.
The hypothetical positive impact is the inclusion of subdirectory in the React-router
configuration, since now it can handle the reverse-proxy subdirectory in URL.
2023-01-06 12:12:45 +02:00
dependabot[bot]
ac2fa2ecce
Bump i18next from 22.4.6 to 22.4.8 in /Plan/react/dashboard (#2816)
Bumps [i18next](https://github.com/i18next/i18next) from 22.4.6 to 22.4.8.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v22.4.6...v22.4.8)

---
updated-dependencies:
- dependency-name: i18next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-06 09:13:24 +02:00
dependabot[bot]
86285b2915
Bump mockitoVersion from 4.10.0 to 4.11.0 in /Plan (#2808)
Bumps `mockitoVersion` from 4.10.0 to 4.11.0.

Updates `mockito-core` from 4.10.0 to 4.11.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.10.0...v4.11.0)

Updates `mockito-junit-jupiter` from 4.10.0 to 4.11.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.10.0...v4.11.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-03 11:36:32 +02:00
dependabot[bot]
0d89122988
Bump sass from 1.56.2 to 1.57.1 in /Plan/react/dashboard (#2800)
Bumps [sass](https://github.com/sass/dart-sass) from 1.56.2 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.56.2...1.57.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-03 11:36:14 +02:00
dependabot[bot]
b9432673c6
Bump axios from 1.2.1 to 1.2.2 in /Plan/react/dashboard (#2809)
Bumps [axios](https://github.com/axios/axios) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.2.1...1.2.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-03 11:35:53 +02:00
dependabot[bot]
d941e7f858
Bump com.github.node-gradle.node from 3.5.0 to 3.5.1 in /Plan (#2811)
Bumps com.github.node-gradle.node from 3.5.0 to 3.5.1.

---
updated-dependencies:
- dependency-name: com.github.node-gradle.node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-03 11:35:34 +02:00
AuroraLS3
c1084364fb Update versions.txt 5.5 build 2150 - Hotfix 2022-12-30 11:58:24 +00:00
AuroraLS3
8e88b3a9a6 Make undefined join address id guesstimate based on existing data 2022-12-30 13:26:53 +02:00
AuroraLS3
a8dbc3288e Fix checkstyle 2022-12-29 21:06:52 +02:00
AuroraLS3
bf63b29f72 Set bad join address ids as unknown 2022-12-29 20:54:23 +02:00
AuroraLS3
d0030fc6e3 Fix BadJoinAddressDataCorrectionPatch 2022-12-29 20:31:23 +02:00
Aurora Lahtela
6e8dc2215e
Remove build 2124 from version notifications 2022-12-28 10:56:32 +02:00
AuroraLS3
20bac03831 Update versions.txt 5.5 build 2144 2022-12-20 17:45:36 +00:00
Aurora Lahtela
626d63a87d Optimized BadJoinAddressDataCorrectionPatch using INSTR 2022-12-20 19:32:09 +02:00
dependabot[bot]
0eb5e5e7eb
Bump i18next-http-backend from 2.0.2 to 2.1.1 in /Plan/react/dashboard (#2795)
Bumps [i18next-http-backend](https://github.com/i18next/i18next-http-backend) from 2.0.2 to 2.1.1.
- [Release notes](https://github.com/i18next/i18next-http-backend/releases)
- [Commits](https://github.com/i18next/i18next-http-backend/compare/v2.0.2...v2.1.1)

---
updated-dependencies:
- dependency-name: i18next-http-backend
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 18:09:09 +02:00
dependabot[bot]
6a95b38355
Bump i18next from 22.1.4 to 22.4.6 in /Plan/react/dashboard (#2796)
Bumps [i18next](https://github.com/i18next/i18next) from 22.1.4 to 22.4.6.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v22.1.4...v22.4.6)

---
updated-dependencies:
- dependency-name: i18next
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 18:08:59 +02:00
dependabot[bot]
32b1548326
Bump selenium-java from 4.7.1 to 4.7.2 in /Plan (#2794)
Bumps [selenium-java](https://github.com/SeleniumHQ/selenium) from 4.7.1 to 4.7.2.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/commits)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 18:00:22 +02:00
dependabot[bot]
67504d03ea
Bump slf4jVersion from 2.0.5 to 2.0.6 in /Plan (#2786)
Bumps `slf4jVersion` from 2.0.5 to 2.0.6.

Updates `slf4j-nop` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_2.0.5...v_2.0.6)

Updates `slf4j-api` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_2.0.5...v_2.0.6)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-nop
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 17:48:01 +02:00
dependabot[bot]
e8dc82b9f6
Bump i18next-localstorage-backend in /Plan/react/dashboard (#2790)
Bumps [i18next-localstorage-backend](https://github.com/i18next/i18next-localStorage-backend) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/i18next/i18next-localStorage-backend/releases)
- [Changelog](https://github.com/i18next/i18next-localstorage-backend/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next-localStorage-backend/compare/v4.0.1...v4.1.0)

---
updated-dependencies:
- dependency-name: i18next-localstorage-backend
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 17:47:27 +02:00
dependabot[bot]
ad48e86725
Bump i18next-chained-backend in /Plan/react/dashboard (#2789)
Bumps [i18next-chained-backend](https://github.com/i18next/i18next-chained-backend) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/i18next/i18next-chained-backend/releases)
- [Changelog](https://github.com/i18next/i18next-chained-backend/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next-chained-backend/compare/v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: i18next-chained-backend
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 17:47:02 +02:00
dependabot[bot]
c8f538d450
Bump mockitoVersion from 4.9.0 to 4.10.0 in /Plan (#2793)
Bumps `mockitoVersion` from 4.9.0 to 4.10.0.

Updates `mockito-core` from 4.9.0 to 4.10.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.9.0...v4.10.0)

Updates `mockito-junit-jupiter` from 4.9.0 to 4.10.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v4.9.0...v4.10.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:58:15 +02:00
dependabot[bot]
125f13ea4f
Bump jettyVersion from 11.0.12 to 11.0.13 in /Plan (#2792)
Bumps `jettyVersion` from 11.0.12 to 11.0.13.

Updates `jetty-server` from 11.0.12 to 11.0.13
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](https://github.com/eclipse/jetty.project/compare/jetty-11.0.12...jetty-11.0.13)

Updates `jetty-alpn-java-server` from 11.0.12 to 11.0.13

Updates `http2-server` from 11.0.12 to 11.0.13

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-alpn-java-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.http2:http2-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:57:19 +02:00
Aurora Lahtela
0fdd12e61f Patch bad join address data if it is in database 2022-12-18 21:32:08 +02:00
Aurora Lahtela
9e44000d21 Fix setting boolean parameters dynamically
Affects issues:
- Fixed #2784
2022-12-14 19:33:44 +02:00
Aurora Lahtela
a773c4c46e Wrote a test for exported react pages
Affects issues:
- Close #2767
2022-12-13 19:33:00 +02:00
Aurora Lahtela
155910554f Fixed exported page constantly updating data in the background 2022-12-11 21:35:31 +02:00
Aurora Lahtela
b3ef8e5a51 Fix onSetExtremes is undefined error 2022-12-10 10:20:12 +02:00