LibrePlan / libreplan

LibrePlan - Open Web Planning
https://www.libreplan.dev
GNU Affero General Public License v3.0

Bump mpxj from 5.2.2 to 8.3.5 #1932

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 3 years ago

Bumps mpxj from 5.2.2 to 8.3.5.

Release notes

Sourced from mpxj's releases.

Version 8.3.5

  • Fix CVE-2020-35460: zip slip vulnerability (with thanks to Sangeetha Rajesh S, ZOHO Corporation)

Version 8.3.4

  • Updated PMXML schema to version 19.12.
  • Ensure that we always set the activity planned start and planned finish dates when writing a PMXML file.
  • Updated the getPopulatedFields methods to ignore fields with default values.
  • Made the Resource ID attribute available as a resource's TEXT1 custom field, with the alias "Resource ID" when reading PMXML and XER files, or from a P6 database. (Note that presently for XER files and P6 databases, the Resource ID value is also read into the initials attribute. This behaviour is deprecated and will be removed in the next major MPXJ release).
  • Populate the Resource ID with the value read from a P6 schedule when writing a PMXML file.
  • Ensure that the hours per day, week, month and year attributes are read from and written to PMXML files.
  • Fix an issue causing the hours per day calendar attribute to be read inaccurately from XER files and P6 databases.
  • Read assignment actual overtime cost and work attributes from PMXML files.
  • Update calculation of assignment work, cost and units attributes for PMXML files.

Version 8.3.3

  • Added cost rate table support when reading from and writing to PMXML files.
  • Added a getPopulatedFields method to the TaskContainer, ResourceContainer and ResourceAssignmentContainer classes. This will retrieve the set of fields which are populated with a non-null value across the whole project for Tasks, Resources, and ResourceAssignments respectively.
  • Add START_ON, FINISH_ON constraint types. Deprecate MANDATORY_START, MANDATORY_FINISH constraint types. MANDATORY_START/FINISH are now represented as MUST_START/FINISH_ON. This change allows users to distinguish between START/FINISH_ON and the MANDATORY_* constraints when reading P6 schedules.
  • Improve handling of cost rate tables and availability tables when writing to an MSPDI file.
  • Handle P6 databases and XER files with user defined fields of type FT_FLOAT.
  • Align invalid XER record behaviour with P6.
  • Handle Planner files which don't contain an allocations tag.
  • Gracefully handle MPP files with missing view or table data.

Version 8.3.2

  • Added support for "new tasks are manual" project property (Contributed by Rohit Sinha)
  • Improved support for reading and writing outline codes and extended attributes for MSPDI files (Based on a contribution by Dave McKay)
  • Improved handling of enterprise custom fields when reading MPP files
  • Update Primavera database and XER readers to avoid potential type conversion errors when the caller provides their own field mappings.
  • Improve handling of some MPP12 MPP file variants.
  • Avoid error when reading timephased data from certain MPP files.
  • Gracefully handle MPP files with missing view data.
  • Update junit to 4.13.1.

Version 8.3.1

  • Minor updates to PlannerReader.

Version 8.3.0

  • Add the "userDefined" attribute to the CustomField class to allow caller to determine if the field has been created by a user or MPXJ.
  • Add support for reading expense items, expense categories and cost accounts from XER files, PMXML files and Primavera databases.
  • Add support for writing expense items, expense categories and cost accounts to PMXML files.
  • Updated the XER file reader to ignore invalid records rather than reporting an error, matching the behaviour of P6
  • Updated the XER file reader to ensure that activity suspend and resume dates are read correctly.
  • Updated the XER file reader to ensure that the reader returns the project selected by the caller when the caller supplies a value for project ID.
  • Updated PMXML reader to avoid user defined field collisions.
  • Updated PMXML reader to add setProjectID and listProjects methods.
  • Update the .net extension method ToIEnumerable to work with java.lang.Iterable rather than java.util.Collection

Version 8.2.0

  • All readers, including the UniversalProjectReader, now support a readAll method. If a file or database contains more than one project the readAll method can be used to retrieve them all in one operation. If the file format doesn't support multiple schedules, readAll will just return a single schedule.

... (truncated)

Changelog

Sourced from mpxj's changelog.

8.3.5 (15/12/2020)

  • Fix CVE-2020-35460: zip slip vulnerability (with thanks to Sangeetha Rajesh S, ZOHO Corporation)

8.3.4 (10/12/2020)

  • Updated PMXML schema to version 19.12.
  • Ensure that we always set the activity planned start and planned finish dates when writing a PMXML file.
  • Updated the getPopulatedFields methods to ignore fields with default values.
  • Made the Resource ID attribute available as a resource's TEXT1 custom field, with the alias "Resource ID" when reading PMXML and XER files, or from a P6 database. (Note that presently for XER files and P6 databases, the Resource ID value is also read into the initials attribute. This behaviour is deprecated and will be removed in the next major MPXJ release).
  • Populate the Resource ID with the value read from a P6 schedule when writing a PMXML file.
  • Ensure that the hours per day, week, month and year attributes are read from and written to PMXML files.
  • Fix an issue causing the hours per day calendar attribute to be read inaccurately from XER files and P6 databases.
  • Read assignment actual overtime cost and work attributes from PMXML files.
  • Update calculation of assignment work, cost and units attributes for PMXML files.

8.3.3 (24/11/2020)

  • Added cost rate table support when reading from and writing to PMXML files.
  • Added a getPopulatedFields method to the TaskContainer, ResourceContainer and ResourceAssignmentContainer classes. This will retrieve the set of fields which are populated with a non-null value across the whole project for Tasks, Resources, and ResourceAssignments respectively.
  • Add START_ON, FINISH_ON constraint types. Deprecate MANDATORY_START, MANDATORY_FINISH constraint types. MANDATORY_START/FINISH are now represented as MUST_START/FINISH_ON. This change allows users to distinguish between START/FINISH_ON and the MANDATORY_* constraints when reading P6 schedules.
  • Improve handling of cost rate tables and availability tables when writing to an MSPDI file.
  • Handle P6 databases and XER files with user defined fields of type FT_FLOAT.
  • Align invalid XER record behaviour with P6.
  • Handle Planner files which don't contain an allocations tag.
  • Gracefully handle MPP files with missing view or table data.

8.3.2 (22/10/2020)

  • Added support for "new tasks are manual" project property (Contributed by Rohit Sinha)
  • Improved support for reading and writing outline codes and extended attributes for MSPDI files (Based on a contribution by Dave McKay)
  • Improved handling of enterprise custom fields when reading MPP files
  • Update Primavera database and XER readers to avoid potential type conversion errors when the caller provides their own field mappings.
  • Improve handling of some MPP12 MPP file variants.
  • Avoid error when reading timephased data from certain MPP files.
  • Gracefully handle MPP files with missing view data.
  • Update junit to 4.13.1.

8.3.1 (14/10/2020)

  • Minor updates to PlannerReader.

8.3.0 (13/10/2020)

  • Add the "userDefined" attribute to the CustomField class to allow caller to determine if the field has been created by a user or MPXJ.
  • Add support for reading expense items, expense categories and cost accounts from XER files, PMXML files and Primavera databases.
  • Add support for writing expense items, expense categories and cost accounts to PMXML files.
  • Updated the XER file reader to ignore invalid records rather than reporting an error, matching the behaviour of P6
  • Updated the XER file reader to ensure that activity suspend and resume dates are read correctly.
  • Updated the XER file reader to ensure that the reader returns the project selected by the caller when the caller supplies a value for project ID.
  • Updated PMXML reader to avoid user defined field collisions.
  • Updated PMXML reader to add setProjectID and listProjects methods.
  • Update the .net extension method ToIEnumerable to work with java.lang.Iterable rather than java.util.Collection

8.2.0 (09/09/2020)

  • All readers, including the UniversalProjectReader, now support a readAll method. If a file or database contains more than one project the readAll method can be used to retrieve them all in one operation. If the file format doesn't support multiple schedules, readAll will just return a single schedule.

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LibrePlan/libreplan/network/alerts).

dependabot[bot] commented 1 year ago

Superseded by #1956.