
Bump gitleaks/gitleaks-action from 2 to 3 #1

Closed
dependabot[bot] wants to merge 86 commits into main from dependabot/github_actions/gitleaks/gitleaks-action-3

dependabot Bot commented on behalf of github May 31, 2026

Bumps gitleaks/gitleaks-action from 2 to 3.

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2

# After
- uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20 → node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

v2.3.9

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2.3.8...v2.3.9

v2.3.8

What's Changed

New Contributors

Full Changelog: gitleaks/gitleaks-action@v2.3.7...v2.3.8

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
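
The migration described in the release notes above, turned into a check that can be run over a workflow file's text. This is an added example, not part of this PR or of gitleaks-action; the finding names and the sample workflow are constructed for illustration.

```python
import re

ACTION = "gitleaks/gitleaks-action"
# `uses: owner/repo@ref`, optionally as a list item and optionally quoted.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.\-/]+)@([\w.\-]+)")
# The opt-out variable from the release notes, set to true (YAML or shell form).
OPT_OUT_RE = re.compile(
    r"ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION\s*[:=]\s*['\"]?true", re.I)


def ref_major(ref):
    """Major version of a tag like v2 or v2.3.9; None for a branch or commit SHA."""
    m = re.fullmatch(r"v?(\d+)(?:\.\d+)*", ref)
    return int(m.group(1)) if m else None


def audit_workflow(text):
    """Return (line number, finding) pairs for one workflow file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = re.sub(r"(^|\s)#.*$", "", line)  # ignore YAML comments
        if OPT_OUT_RE.search(code):
            findings.append((lineno, "node20-opt-out"))
        m = USES_RE.match(code)
        if not m or m.group(1).lower() != ACTION:
            continue
        major = ref_major(m.group(2))
        if major is None:
            findings.append((lineno, "unresolved-ref"))  # SHA or branch: check by hand
        elif major == 2:
            findings.append((lineno, "node20-runtime"))  # v2 runs on Node 20
    return findings


# Constructed sample workflow, not taken from the repository in this PR.
SAMPLE = """\
name: secret-scan
on: [push, pull_request]
env:
  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      # - uses: gitleaks/gitleaks-action@v3
      - uses: gitleaks/gitleaks-action@v2
"""

if __name__ == "__main__":
    for lineno, finding in audit_workflow(SAMPLE):
        print(f"line {lineno}: {finding}")
```

A `node20-opt-out` finding matters on its own: once the action is on v3 the variable is no longer needed for it, and leaving it set keeps the deprecated runtime available to every other step in the workflow.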

haltacademy and others added 30 commits May 11, 2026 17:30
- Student portal with category tiles + per-category pages
- Admin panel with module/subtopic/lab CRUD and category field
- Backend data persisted to ./data/ (bind mount) for git-based sync
- Auto-rebuild of lab docker images on backend startup

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- Default ADMIN_PASS changed to ppsspp@2021 (docker-compose + .env.example)
- ModuleViewer: drop "SUBTOPIC N" / "Section" eyebrow on content card
- Persist seeded modules.json

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Block re-attempts after submission with a server-side 403 in POST /attempts,
a partial unique index on (user_id, exam_id) for submitted attempts, and
lock state surfaced through GET /exams so the UI shows "Completed" with a
"View result" link instead of "Start" for completed modules.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Each student lab launch already binds to its own dynamic host port; this
hardens the path: a partial unique index prevents two active instances
for the same attempt, pickFreePort honours an admin-set preferred port,
and the launch route retries on host-side port-bind collisions so a
stale host listener no longer kills the launch. Lab port range is now
surfaced in .env.example for clean VPS firewall provisioning.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Avoids the :80 conflict on hosts already running nginx/apache. Operators
can pin a specific port via the FRONTEND_PORT env var.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Documents the FRONTEND_PORT=8080 + host-nginx topology so future
deployments don't trip on the :80 conflict or the 502 from a stale
proxy_pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Ship a :443 server block with HSTS + a :80 redirect, so a fresh deploy
isn't met with Secure Connection Failed when the browser auto-upgrades
to HTTPS. README spells out the certbot order-of-operations and the
escape hatch for bootstrapping before a cert exists.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Persist mcq/lab/practical/max scores on each attempt and recompute them
from a single helper so admin re-grades and exam submission stay in
sync. Surface the breakdown to students (transcript page + redesigned
result page with pass/fail) and admins (filterable gradebook with CSV
export). One-off seed backfill rewrites legacy attempts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Removes the `db` MySQL container; the backend now connects to MySQL
running on the host via host.docker.internal (extra_hosts host-gateway).
All DB_* values are .env-driven, the pool honours DB_PORT, and the
deploy README documents the host-side bind-address / grants / firewall
plus a dump-and-restore path for migrating existing data.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

When JWT_SECRET drifts between rebuilds, every live session breaks and
the admin dashboard's Exam Portal card surfaces 'invalid_token'. Make
.env.example say it's required + how to generate, and add a one-liner
fix to the deploy troubleshooting section.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Frontend now reads the backend's error code (user_exists, too_short,
too_many_attempts, internal_error, …) and maps it to a specific
human-readable line, so a stuck deploy reads as "database may be
unreachable" instead of "please try again". Backend logs the
underlying MySQL error code on registerUser failure.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

api() now distinguishes a thrown fetch (network_error with the
underlying TypeError detail) from an HTTP error response, so the
"Cannot reach the server" fallback only fires on real transport
failures. Register/Login map the new code to actionable copy that
points to /api/health. Backend bootstrap no longer dies when MySQL is
unreachable; it logs and keeps the process alive so /api/health
answers and the message map can identify the failure mode.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Idempotent shell script that collapses the entire host-MySQL setup
(install, bind-address, db+user+grants, .env sync, ufw rule, redeploy,
probe) into a single sudo invocation. Eliminates the recurring 502 /
db_unavailable surface area that comes from any one of those steps
being skipped or done in the wrong order.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

New scheduled_start/scheduled_end columns on exams (nullable, CHECK
constraint), exposed through admin POST/PUT and student GET routes.
POST /attempts now 403s with exam_not_started / exam_closed outside
the window. ExamRunner clamps its countdown to scheduled_end so the
in-flight auto-submit honours the deadline. Student dashboard and
exams list show "Starts in 10m" / "Closed" badges and disable Start
accordingly; admin gets a Schedule card on the exam editor and a
Window column on the exams list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Returns one row per published exam (not just submitted attempts) so
upcoming/unattempted exams appear with em-dash in Current Marks and
the precomputed Total Marks from the exam's question/lab/flag points.
Front-end strips the stat cards and breakdown columns to match the
requested four-column layout.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Drops the fuchsia/pink gradient bar and standalone "Open →" link in
favour of a card that sits as a peer with the Course Catalog tiles:
brand-tinted icon tile, title with a Live pill, descriptive subtitle,
and a real "Open portal" CTA button with an external-link glyph.
Keeps the existing access gate and SSO click handler; adds an
accessible label and a brand focus ring.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

The main LMS frontend's package.json doesn't carry lucide-react
(only the Exam-Portal frontend does), so the previous commit broke
the build with TS2307. Replace the two glyphs with local inline-SVG
components named identically — no dependency change, no markup
change in the launcher card.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

haltacademy and others added 24 commits May 21, 2026 11:34
The FOREIGN KEY assignment_batches -> assignments would fail on legacy DB
instances whose assignments table was created under a different default
collation, throwing inside initDb and crashing the API on boot — every
subsequent request returned 502. Wrap the new CREATE TABLE statements in
try/catch, drop the FK, and handle the cascade in deleteAssignment.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

The /data volume can be mounted with restrictive ownership; an EACCES
from mkdir propagated as an unhandled rejection and killed the Node
process, leaving the backend dead and host nginx returning 502 for
every subsequent request. Catch the error in each upload handler and
add process-level unhandledRejection/uncaughtException loggers so
unexpected failures degrade to a 500 instead of taking down the API.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Bind-mounted host dirs override the build-time chown, leaving /data
owned by root and the app user unable to write attachments. Add an
entrypoint that runs as root, chowns /data, then execs node as app via
su-exec. CHOWN/SETUID capabilities are already granted in compose.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Add three nullable columns to users (full_name, enrollment_number, email)
and expose GET /api/auth/me + PATCH /api/auth/me so each student fills
them once. StudentAssignments auto-fills the three inputs from the
profile and updates it whenever the student edits/submits, so future
assignments need only the .zip upload. Admin Users page shows the new
columns and ships an Edit Profile dialog (PATCH /auth/users/:u/profile).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Single idempotent .sql that creates labdb, the labuser, and all 14 tables
the backend expects (5 native + 6 Exam-Portal mirror + 3 cross-feature).
Mirrors backend/src/store/db.ts initSchema() so the runtime CREATEs are
no-ops afterwards, even when the app user lacks CREATE/ALTER privileges.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Self-contained Gradle project under Android/. Single-activity Compose
app that talks to https://lab.upskilltraining.in/api/ with the existing
Bearer JWT auth. Student-only v1: Login, Assignments list, Assignment
detail (brief PDF download + .zip submission with identity prefill),
Profile editor. Token kept in EncryptedSharedPreferences.

Build with Android Studio Hedgehog+ / JDK 17:
  cd Android && ./gradlew :app:assembleDebug

Override base URL via local.properties (LAB_API_BASE=).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Backend
- New GET /api/exams/attempts (auth-only). Returns the signed-in student's
  exam_attempts rows joined with exam_exams (title, dates, score/max).

Android
- Renamed package in.upskilltraining.labportal -> com.upskilltraining.labportal
  (AGP rejects "in" as a Java identifier).
- Added ExamAttempt model, ExamsRepository, ExamsViewModel, ExamsScreen.
- Replaced top-level Profile route with a bottom NavigationBar shell
  (Assignments / Exams / Profile). Login + Assignment detail stay on
  the outer NavHost.
- New util/OnResume helper; AssignmentList, Exams, and Profile screens
  auto-refresh when the app comes to the foreground.
- Pull-to-refresh added to AssignmentList and Exams (Material 3
  PullToRefreshBox).
- Profile shows "Exam access: granted/disabled".
- Fix Retrofit serialization converter coordinate to the Square-shipped
  com.squareup.retrofit2:converter-kotlinx-serialization (the previous
  jakewharton artifact exposes a different package).
- Added Gradle 8.9 wrapper so the project builds without IDE setup:
  cd Android && ./gradlew :app:assembleDebug

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Bumps [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) from 2 to 3.
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@v2...v3)

---
updated-dependencies:
- dependency-name: gitleaks/gitleaks-action
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies and github_actions labels May 31, 2026

dependabot Bot commented on behalf of github May 31, 2026


OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot deleted the dependabot/github_actions/gitleaks/gitleaks-action-3 branch May 31, 2026 15:28