edp963 / davinci

Davinci is a DVsaaS (Data Visualization as a Service) Platform
https://edp963.github.io/davinci
Apache License 2.0

build(deps): bump pagehelper from 5.1.4 to 5.3.1 in /server #2325

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps pagehelper from 5.1.4 to 5.3.1.

Release notes

Sourced from pagehelper's releases.

5.3.1 - 2022-06-14

  • Resolve CVE-2022-28111 vulnerability, limit the order by parameter, avoid SQL injection
  • Add support for as400. by bluezealot
  • Optimize generic parameters of Page class by Zhang Fulai
  • Standardize the order of PostgreSQL paging parameters by outian

5.3.0 - 2021-10-07

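  • Added the AutoDialect interface for automatically detecting the database type; it can be set to your own implementation class via autoDialectClass. DataSourceNegotiationAutoDialect is used by default and prefers to determine the type from the connection pool. The default implementation adds special handling for the hikari, druid, tomcat-jdbc, c3p0 and dbcp connection pools, reading the jdbcUrl directly from their configuration; with any other type of data source, the old approach is still used: obtain a connection and then read the jdbcUrl. To get exactly the same behaviour as older versions, set autoDialectClass=old. When the connection pool type is known for certain, it is recommended to set a specific value, for example autoDialectClass=hikari when using hikari; when using another connection pool, set it to your own implementation class.
  • Supports specifying the dialect implementation dynamically at runtime, for example PageHelper.startPage(1, 10).using("oracle"); or PageHelper.startPage(2, 10).using("org.exmaple.CustomDialect");
  • PageInfo gains an empty-instance constant, PageInfo.EMPTY, and a content check, boolean hasContent()
  • Added a banner at startup; it requires log level debug and can be turned off with -Dpagehelper.banner=false or the environment variable PAGEHELPER_BANNER=false
     DEBUG [main] -

    [ASCII-art banner] is intercepting.

    The purpose of the banner is that, if you have configured the pagination plugin more than once, you will see the banner printed several times; you can set a breakpoint in the PageInterceptor constructor to see where it is being instantiated.
  • Improved the count query: when a having clause is present, the select columns are no longer optimized. The select columns are also not optimized when they contain an aliased function or expression, so that aliases used in order by or having do not go missing.
  • Added a check to handle some databases (such as TDEngine) returning null when the count query has no result
  • Added Firebird database support; its pagination syntax is the same as SqlServer2012.
  • Added automatic detection of the impala database.
  • JSqlParser upgraded to version 4.2.

It has been about 3 months since the last update, and this update directly cost 3 days of holiday :running:. More than 200 issues on GitHub and Gitee were closed; not every problem has necessarily been dealt with, so if you still have questions you can keep filing issues. The next major version will probably go straight to 6.0, with the plan to move everything to java 8 and keep the functionality unchanged.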


  • Add AutoDialect interface to automatically obtain the database type, which can be configured as its own implementation class through autoDialectClass. By default, DataSourceNegotiationAutoDialect is used, which is

... (truncated)

Commits
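  • 5085330 Release 5.3.1
  • 554a524 Handle CVE-2022-28111, fixed #674
  • e2a67fc Standardize the order of PostgreSQL paging parameters
  • f2d1889 Optimize the generic parameters of the paging result wrapper class
  • ab7f661 Change job name
  • 7964926 Add unit test execution for PRs
  • 375ce52 use GitHub Actions Publish package to the Maven Central Repository
  • 9435e52 Add support for as400.
  • 4b04846 Add encoding configuration
  • 1e9e512 Improve static variable assignment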
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/edp963/davinci/network/alerts).

dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.