Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: lee4755026/Code4Java
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: luxiaoxun/Code4Java
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 16 commits
  • 4 files changed
  • 4 contributors

Commits on May 23, 2023

  1. Bump sqlite-jdbc from 3.7.2 to 3.41.2.2 in /MapHttpService 

    Bumps [sqlite-jdbc](https://github.com/xerial/sqlite-jdbc) from 3.7.2 to 3.41.2.2.
- [Release notes](https://github.com/xerial/sqlite-jdbc/releases)
- [Changelog](https://github.com/xerial/sqlite-jdbc/blob/master/CHANGELOG)
- [Commits](xerial/sqlite-jdbc@sqlite-jdbc-3.7.2...3.41.2.2)

---
updated-dependencies:
- dependency-name: org.xerial:sqlite-jdbc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored May 23, 2023
    Configuration menu
    Copy the full SHA
    9489bd1 View commit details
    Browse the repository at this point in the history

Commits on Jun 14, 2023

  1. Bump guava from 30.0-jre to 32.0.0-jre in /WebGisDemo 

    Bumps [guava](https://github.com/google/guava) from 30.0-jre to 32.0.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Jun 14, 2023
    Configuration menu
    Copy the full SHA
    1249d66 View commit details
    Browse the repository at this point in the history

  2. Bump guava from 30.1-jre to 32.0.0-jre in /MapHttpService 

    Bumps [guava](https://github.com/google/guava) from 30.1-jre to 32.0.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Jun 14, 2023
    Configuration menu
    Copy the full SHA
    49af5cd View commit details
    Browse the repository at this point in the history

  3. Bump guava from 30.1-jre to 32.0.0-jre in /LogCollector 

    Bumps [guava](https://github.com/google/guava) from 30.1-jre to 32.0.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Jun 14, 2023
    Configuration menu
    Copy the full SHA
    a6c6214 View commit details
    Browse the repository at this point in the history

  4. Bump guava from 30.1-jre to 32.0.0-jre in /NettyMqService 

    Bumps [guava](https://github.com/google/guava) from 30.1-jre to 32.0.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Jun 14, 2023
    Configuration menu
    Copy the full SHA
    945c78d View commit details
    Browse the repository at this point in the history

Commits on Jun 19, 2023

  1. Merge pull request luxiaoxun#35 from luxiaoxun/dependabot/maven/WebGi… 

    …sDemo/com.google.guava-guava-32.0.0-jre

Bump guava from 30.0-jre to 32.0.0-jre in /WebGisDemo
    @luxiaoxun
    luxiaoxun authored Jun 19, 2023
    Configuration menu
    Copy the full SHA
    2b03f4e View commit details
    Browse the repository at this point in the history

  2. Merge pull request luxiaoxun#36 from luxiaoxun/dependabot/maven/MapHt… 

    …tpService/com.google.guava-guava-32.0.0-jre

Bump guava from 30.1-jre to 32.0.0-jre in /MapHttpService
    @luxiaoxun
    luxiaoxun authored Jun 19, 2023
    Configuration menu
    Copy the full SHA
    fec21db View commit details
    Browse the repository at this point in the history

  3. Merge pull request luxiaoxun#37 from luxiaoxun/dependabot/maven/LogCo… 

    …llector/com.google.guava-guava-32.0.0-jre

Bump guava from 30.1-jre to 32.0.0-jre in /LogCollector
    @luxiaoxun
    luxiaoxun authored Jun 19, 2023
    Configuration menu
    Copy the full SHA
    34c2bec View commit details
    Browse the repository at this point in the history

  4. Merge pull request luxiaoxun#38 from luxiaoxun/dependabot/maven/Netty… 

    …MqService/com.google.guava-guava-32.0.0-jre

Bump guava from 30.1-jre to 32.0.0-jre in /NettyMqService
    @luxiaoxun
    luxiaoxun authored Jun 19, 2023
    Configuration menu
    Copy the full SHA
    3b938a9 View commit details
    Browse the repository at this point in the history

Commits on Nov 22, 2023

  1. Bump org.elasticsearch:elasticsearch in /LogCollector 

    Bumps [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) from 7.14.0 to 7.17.14.
- [Release notes](https://github.com/elastic/elasticsearch/releases)
- [Changelog](https://github.com/elastic/elasticsearch/blob/main/CHANGELOG.md)
- [Commits](elastic/elasticsearch@v7.14.0...v7.17.14)

---
updated-dependencies:
- dependency-name: org.elasticsearch:elasticsearch
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Nov 22, 2023
    Configuration menu
    Copy the full SHA
    cf2b9bf View commit details
    Browse the repository at this point in the history

  2. Bump org.elasticsearch:elasticsearch in /WebGisDemo 

    Bumps [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) from 7.14.0 to 7.17.14.
- [Release notes](https://github.com/elastic/elasticsearch/releases)
- [Changelog](https://github.com/elastic/elasticsearch/blob/main/CHANGELOG.md)
- [Commits](elastic/elasticsearch@v7.14.0...v7.17.14)

---
updated-dependencies:
- dependency-name: org.elasticsearch:elasticsearch
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Nov 22, 2023
    Configuration menu
    Copy the full SHA
    7352c58 View commit details
    Browse the repository at this point in the history

Commits on Dec 17, 2023

  1. vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 

    This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#8
Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#8


Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D

Co-authored-by: Moderne <[email protected]>
    @JLLeitschuh @TeamModerne
    JLLeitschuh and TeamModerne committed Dec 17, 2023
    Configuration menu
    Copy the full SHA
    1b5532e View commit details
    Browse the repository at this point in the history

Commits on Jan 31, 2024

  1. Merge pull request luxiaoxun#44 from BulkSecurityGeneratorProjectV2/f… 

    …ix/JLL/use_https_to_resolve_dependencies_maven

[SECURITY] Use HTTPS to resolve dependencies in Maven Build
    @luxiaoxun
    luxiaoxun authored Jan 31, 2024
    Configuration menu
    Copy the full SHA
    3c2bafc View commit details
    Browse the repository at this point in the history

Commits on Feb 2, 2024

  1. Merge pull request luxiaoxun#43 from luxiaoxun/dependabot/maven/WebGi… 

    …sDemo/org.elasticsearch-elasticsearch-7.17.14

Bump org.elasticsearch:elasticsearch from 7.14.0 to 7.17.14
    @luxiaoxun
    luxiaoxun authored Feb 2, 2024
    Configuration menu
    Copy the full SHA
    e116227 View commit details
    Browse the repository at this point in the history

  2. Merge pull request luxiaoxun#42 from luxiaoxun/dependabot/maven/LogCo… 

    …llector/org.elasticsearch-elasticsearch-7.17.14

Bump org.elasticsearch:elasticsearch from 7.14.0 to 7.17.14
    @luxiaoxun
    luxiaoxun authored Feb 2, 2024
    Configuration menu
    Copy the full SHA
    aa6fbf0 View commit details
    Browse the repository at this point in the history

  3. Merge pull request luxiaoxun#34 from luxiaoxun/dependabot/maven/MapHt… 

    …tpService/org.xerial-sqlite-jdbc-3.41.2.2

Bump sqlite-jdbc from 3.7.2 to 3.41.2.2
    @luxiaoxun
    luxiaoxun authored Feb 2, 2024
    Configuration menu
    Copy the full SHA
    99c2d13 View commit details
    Browse the repository at this point in the history
Loading