Skip to content

Merge 1.0.0-rc1 into master branch#24

Merged
PaperStrange merged 121 commits intomasterfrom
release-1.0.0-RC1
May 19, 2025
Merged

Merge 1.0.0-rc1 into master branch#24
PaperStrange merged 121 commits intomasterfrom
release-1.0.0-RC1

Conversation

@PaperStrange
Copy link
Owner

@PaperStrange PaperStrange commented May 19, 2025

Changes 🏗️

  • Close task and OKRS from project phase 6 to 7
  • For more details, refering to this file

Checklist 📋

For code changes:

  • I have clearly listed my changes in the PR description
  • [ X I have made a test plan
  • I have tested my changes according to the test plan:
    • All front-end and backend tests documentated in this folder
    • Notice for API testing, statistical front component and user jouerney testing, mock data is used
    • ...
Example test plan - Rrefering to folders mentioned above

For configuration changes:

  • .env.example is updated or already compatible with my changes
  • docker-compose.yml is updated or already compatible with my changes
  • I have included a list of my configuration changes in the PR description (under Changes)
Examples of configuration changes refering to README.md in the project root path

PaperStrange and others added 30 commits March 23, 2025 15:05
@PaperStrange
Feat: add feedback and visualization components for beta launch
0e3e40b
@PaperStrange
Feat: embed RBAC system
e019bc5
@PaperStrange
Feat: add email-verification and reset logic
5826c94
@PaperStrange
Feat: enhance onboarding flow and add statical dashboard
caa55a3
@PaperStrange
Docs: update with new features and new test cases
e1b6f09
@PaperStrange
Fix: remove security vulnerabilities
4a5a40b
@PaperStrange
Docs: add security.md
6a62003
@PaperStrange
Feat: init github action and workflow fix #issue 3
40908ef
@PaperStrange
Feat: implement secure token vault system for API key management and …
b6b7b46 
…enhance documentation
@PaperStrange
Fix: apply new token security solution to related codebase
7baa93c
@PaperStrange
Fix: fix issue #3 workflow error [![TourGuideAI CI/CD Pipeline](https…
9d31f13 
…://github.com/PaperStrange/TourGuideAI/actions/workflows/ci-cd.yml/badge.svg)](https://github.com/PaperStrange/TourGuideAI/actions/workflows/ci-cd.yml)
@PaperStrange
Fix: fix issue #3 fix workflow error https://github.com/PaperStrange/…
8ef2be9 
…TourGuideAI/actions/workflows/ci-cd.yml
@PaperStrange
Fix: fix issue #3 enhance frontend stability and error handling updat…
2afd0c6 
…e documentations
@PaperStrange
Docs: update package lists
faa62de
@PaperStrange
Docs: adjust template issues fix issue #9
3654734
@PaperStrange
Test: run npm test, records and fix errors
7307adc
@PaperStrange
Docs: update project structure and documentation, enhance workflow pr…
f5f41c6 
…ocesses, and remove obsolete files fix issue #16
@PaperStrange
Docs: reorganize project documentation structure, consolidate files i…
34790a7 
…nto project_lifecycle directory fix issue #13
@PaperStrange
Docs: add visualization for .md files and project workflows
149f0bd
@PaperStrange
Feat: update dependencies and enhance testing documentation; add Play…
06c7bf4 
…wright for testing and improve stability test instructions fix issue #12
@PaperStrange
Feat: Enhance CI/CD workflow by adding stability tests and storing re…
67cb55b 
…sults as artifacts; update documentation to reflect new testing processes fix issue #12
@PaperStrange
Feat: add more stability tests to align with the test plan
28ca45c
@PaperStrange
Fix: add stability test documentation; restructure test results stora…
6354047 
…ge and enhance survey components
@PaperStrange
Feat: update github workflow and add new README.MD
bb82ba8
@PaperStrange
Docs: update file relationship
85b4707
@PaperStrange
Feat: complete okr for Beta Program Infrastructure
69db220
@PaperStrange
Feat: create heatmap visualization
e25a538
@PaperStrange
Docs: rectify the wrong status marks according to the programming codes
3e34f08
@PaperStrange
Feat: embed hotjar service
ec83194
@PaperStrange
Feat: expand User Testing Program with new tasks and UI components
ed354de
@PaperStrange PaperStrange self-assigned this May 19, 2025
@PaperStrange PaperStrange added good first issue Good for newcomers release new version release labels May 19, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems May 19, 2025
View reviewed changes
.github/workflows/ci-cd.yml
grep -r --include="*.js" --include="*.jsx" --include="*.ts" --include="*.tsx" "\/\* global " src/

- name: Install PowerShell
uses: bjompen/UpdatePWSHAction@v1.0.1

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step
Uses Step
Loading
uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash
.github/workflows/ci-cd.yml

- name: Set up AWS CLI
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@v4

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step
Uses Step
Loading
uses 'aws-actions/configure-aws-credentials' with ref 'v4', not a pinned commit hash
.github/workflows/ci-cd.yml

- name: Set up AWS CLI
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@v4

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step
Uses Step
Loading
uses 'aws-actions/configure-aws-credentials' with ref 'v4', not a pinned commit hash
.github/workflows/ci-cd.yml
run: npm ci

- name: Install PowerShell
uses: bjompen/UpdatePWSHAction@v1.0.1

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step
Uses Step
Loading
uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash
.github/workflows/dependency-updates.yml

# Use Dependabot to update dependencies
- name: Enable Dependabot
uses: dependabot/fetch-metadata@v1.6.0

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Dependency Updates' step
Uses Step
Loading
uses 'dependabot/fetch-metadata' with ref 'v1.6.0', not a pinned commit hash
.github/workflows/security-scan.yml
# OWASP ZAP Baseline Scan
- name: ZAP Baseline Scan
uses: zaproxy/action-baseline@v0.7.0
uses: zaproxy/action-baseline@v0.9.0

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step
Uses Step
Loading
uses 'zaproxy/action-baseline' with ref 'v0.9.0', not a pinned commit hash
.github/workflows/security-scan.yml

# License compliance scanning
- name: License Scanning
uses: fossas/fossa-action@main

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step
Uses Step
Loading
uses 'fossas/fossa-action' with ref 'main', not a pinned commit hash
.github/workflows/stability-tests.yml
NODE_ENV=test npm test -- tests/security/security-audit.test.js --passWithNoTests

- name: Install PowerShell
uses: bjompen/UpdatePWSHAction@v1.0.1

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Stability Tests' step
Uses Step
Loading
uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash
github-advanced-security[bot]
github-advanced-security bot found potential problems May 19, 2025
View reviewed changes
scripts/generate-keys.js
if (fs.existsSync(gitignoreFile)) {
let gitignoreContent = fs.readFileSync(gitignoreFile, 'utf8');
if (!gitignoreContent.includes('generated-keys.txt')) {
fs.appendFileSync(gitignoreFile, '\n# Security keys\nscripts/generated-keys.txt\n');

Check failure

Code scanning / CodeQL

Potential file system race condition High

The file may have changed since it
was checked
Loading
.
scripts/utils/test-script-template.js
(headerEnd < content.length ? content.substring(headerEnd) : '');

// Write updated content
fs.writeFileSync(summaryFile, content);

Check failure

Code scanning / CodeQL

Potential file system race condition High test

The file may have changed since it
was checked
Loading
.
PaperStrange and others added 11 commits May 19, 2025 22:13
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 53: Use of externally-…
570a451 
…controlled format string

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 41: Workflow does not …
65ad0ce 
…contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 58: Indirect uncontrol…
7693050 
…led command line

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 55: Use of externally-…
a130d5c 
…controlled format string

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 57: Indirect uncontrol…
6e523e4 
…led command line

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 33: Log injection
5d19ec4 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 52: Insecure randomness
10776f5 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 56: Use of externally-…
34a8270 
…controlled format string

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 54: Use of externally-…
50d0e62 
…controlled format string

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 40: Workflow does not …
da0baf8 
…contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@PaperStrange @github-advanced-security
Fix: Potential fix for code scanning alert no. 34: Log injection
e3bab74 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems May 19, 2025
View reviewed changes
scripts/run-security-audit.js
Comment on lines +131 to +134
spawn('cmd', ['/c', 'start', '/b', zapPath, '-daemon', '-config', 'api.disablekey=true'], {
stdio: 'ignore',
detached: true
}).unref();

Check warning

Code scanning / CodeQL

Indirect uncontrolled command line Medium

This command depends on an unsanitized
environment variable
Loading
.
This command depends on an unsanitized
environment variable
Loading
.
@PaperStrange
Copy link
Owner Author

PaperStrange commented May 19, 2025

Securty check failures and warnings shall be addressed with issure here dynamically after this pr

@PaperStrange PaperStrange reopened this May 19, 2025
@PaperStrange PaperStrange merged commit 5a426f3 into master May 19, 2025
8 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@PaperStrange PaperStrange

Labels

good first issue Good for newcomers release new version release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PaperStrange