
Merge 'dev' branch #47

Closed
wants to merge 166 commits into from

Conversation

mercyblitz
Contributor

No description provided.

@mercyblitz mercyblitz added this to the 2.0.0 milestone Jan 3, 2025
@mercyblitz mercyblitz self-assigned this Jan 3, 2025

codecov bot commented Jan 3, 2025

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

ℹ️ You can also turn on project coverage checks and project coverage reporting on Pull Request comment

Thanks for integrating Codecov - We've got you covered ☂️

@RequestMapping(value = "/echo/{message}", method = {GET, POST})
@Idempotent
public String echo(@PathVariable String message) {
    return "[ECHO] : " + message;
}

Check warning: Code scanning / CodeQL

Cross-site scripting (Medium, test)

Cross-site scripting vulnerability due to a user-provided value.

Copilot Autofix AI 29 days ago

To fix the cross-site scripting vulnerability, we need to ensure that the user-provided input (message) is properly sanitized or encoded before being included in the response. The best way to fix this issue is to use a library that provides HTML encoding to prevent XSS attacks. In Java, the StringEscapeUtils class from the Apache Commons Text library can be used for this purpose.

  1. Add the Apache Commons Text library to the project dependencies if it is not already included.
  2. Import the StringEscapeUtils class in the TestController class.
  3. Use the StringEscapeUtils.escapeHtml4 method to encode the message parameter before including it in the response.
Suggested changeset 2
microsphere-spring-webmvc/src/test/java/io/microsphere/spring/webmvc/controller/TestController.java

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/microsphere-spring-webmvc/src/test/java/io/microsphere/spring/webmvc/controller/TestController.java b/microsphere-spring-webmvc/src/test/java/io/microsphere/spring/webmvc/controller/TestController.java
--- a/microsphere-spring-webmvc/src/test/java/io/microsphere/spring/webmvc/controller/TestController.java
+++ b/microsphere-spring-webmvc/src/test/java/io/microsphere/spring/webmvc/controller/TestController.java
@@ -23,2 +23,3 @@
 import org.springframework.web.bind.annotation.RestController;
+import org.apache.commons.text.StringEscapeUtils;
 
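Review bot: the new import of `org.apache.commons.text.StringEscapeUtils` only resolves once `commons-text` is on the module's classpath, which the separate pom.xml changeset supplies, so the two changesets have to be applied together or TestController.java stops compiling. Style: the surrounding imports are `org.springframework.*`, so this one belongs in the `org.apache` group ahead of them rather than appended after `RestController`.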
@@ -40,3 +41,3 @@
     public String echo(@PathVariable String message) {
-        return "[ECHO] : " + message;
+        return "[ECHO] : " + StringEscapeUtils.escapeHtml4(message);
     }
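Review bot: `escapeHtml4` changes what `echo` returns for any `message` containing `&`, `<`, `>` or `"`, so any test that compares the body with `"[ECHO] : " + message` will now fail for such inputs and needs adjusting in the same change. Entity encoding is also only the right choice when the response is consumed as HTML; if `/echo/{message}` is meant to return plain text, declaring the produced media type on the mapping (`produces = MediaType.TEXT_PLAIN_VALUE`) stops a browser from interpreting the body as HTML, which is the actual risk, while leaving the echoed value intact. As this controller lives under `src/test/java`, weigh the fix against what the fixture is meant to exercise.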
EOF
microsphere-spring-webmvc/pom.xml
Outside changed files

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/microsphere-spring-webmvc/pom.xml b/microsphere-spring-webmvc/pom.xml
--- a/microsphere-spring-webmvc/pom.xml
+++ b/microsphere-spring-webmvc/pom.xml
@@ -21,2 +21,7 @@
     <dependencies>
+    <dependency>
+    <groupId>org.apache.commons</groupId>
+    <artifactId>commons-text</artifactId>
+    <version>1.13.0</version>
+    </dependency>
 
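Review bot: the only consumer of `commons-text` in this changeset is `TestController` under `src/test/java`, so the dependency should carry `<scope>test</scope>`; as written it becomes a compile-scope dependency of `microsphere-spring-webmvc` that is exported transitively to every downstream user. Prefer managing the version in the parent's `dependencyManagement`, if the build has one, instead of hard-coding `1.13.0` here, and indent the inserted `<dependency>` block one level inside `<dependencies>` to match the rest of the file.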
EOF
This fix introduces these dependencies:

Package: org.apache.commons:commons-text (maven)
Version: 1.13.0
Security advisories: None
Unable to commit as this autofix suggestion is now outdated
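Added illustration, not code from the PR, the project or the Copilot suggestion: the raw echo beside the encoded form the autofix proposes, so the effect of output encoding on a reflected path parameter can be seen without a running Spring context. `htmlEncode` is a stand-in for `StringEscapeUtils.escapeHtml4` so the class compiles with no dependency; it covers only the four characters that matter in HTML element and attribute context (`&`, `<`, `>`, `"`), whereas the real `escapeHtml4` additionally maps ISO-8859-1 and HTML 4 extended characters to named entities. The sample inputs are constructed.

```java
import java.util.Arrays;
import java.util.List;

/**
 * Illustration of the CodeQL finding and the proposed fix: a user-controlled
 * value concatenated straight into a response body versus the same value
 * HTML-entity-encoded first. htmlEncode() is a minimal stand-in for
 * org.apache.commons.text.StringEscapeUtils.escapeHtml4 (assumption: the
 * four basic entities are enough to show the behaviour).
 */
public final class EchoEncodingDemo {

    // Vulnerable form, as flagged: input reaches the body unchanged.
    static String echoRaw(String message) {
        return "[ECHO] : " + message;
    }

    // Hardened form mirroring the autofix: encode before concatenating.
    static String echoEncoded(String message) {
        return "[ECHO] : " + htmlEncode(message);
    }

    // Stand-in for escapeHtml4's basic escapes: & < > " become named entities.
    static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                default:  sb.append(c);
            }
        }
        return sb.toString();
    }

    // True when the encoded body differs from the raw one, i.e. when a test
    // asserting on "[ECHO] : " + message would stop passing after the fix.
    static boolean encodingChangesBody(String message) {
        return !echoEncoded(message).equals(echoRaw(message));
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain text, markup, and attribute characters.
        List<String> samples = Arrays.asList("hello", "<b>hi</b>", "a&b \"q\"");
        for (String m : samples) {
            System.out.println("raw     : " + echoRaw(m));
            System.out.println("encoded : " + echoEncoded(m));
            System.out.println("test assertion on raw body still holds: "
                    + !encodingChangesBody(m));
            System.out.println();
        }
    }
}
```

Compile and run with `javac EchoEncodingDemo.java && java EchoEncodingDemo`. Only the first sample leaves the body unchanged; the other two show why existing assertions against the raw echo need updating alongside the fix. If the endpoint is meant to return plain text rather than HTML, declaring `produces = MediaType.TEXT_PLAIN_VALUE` on the mapping is the alternative that keeps the echoed value intact, because the browser then never treats the body as markup.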
@mercyblitz mercyblitz closed this Jan 3, 2025
1 participant