Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev #12188
….0-dev Release: Merge back 2.44.0 into dev from: master-into-dev/2.44.0-2.45.0-dev
Bumps openapitools/openapi-generator-cli from v7.11.0 to v7.12.0. --- updated-dependencies: - dependency-name: openapitools/openapi-generator-cli dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.1 to 44.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@44.0.1...44.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.3 to 1.37.4. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.3...1.37.4) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2025.2.1 to 2025.3.1. - [Commits](tfranzel/drf-spectacular-sidecar@2025.2.1...2025.3.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…11927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…7.4-alpine (docker-compose.yml) (#11922) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.4 to 1.37.5. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.4...1.37.5) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…7 to v7.0.8 (.github/workflows/update-sample-data.yml) (#11939) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…2.16.1 (docker-compose.override.unit_tests_cicd.yml) (#11941) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…11916) * Update parser documentation template to include additional detail beneficial to users & maintainers. * Update parser-documentation-template.md Small edits --------- Co-authored-by: skywalke34 <[email protected]>
…cs/package.json) (#11944) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.5 to 1.37.6. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.5...1.37.6) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [easymde](https://github.com/Ionaru/easy-markdown-editor) from 2.19.0 to 2.20.0. - [Changelog](https://github.com/Ionaru/easy-markdown-editor/blob/master/CHANGELOG.md) - [Commits](Ionaru/easy-markdown-editor@2.19.0...2.20.0) --- updated-dependencies: - dependency-name: easymde dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.6 to 1.37.7. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.6...1.37.7) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.7 to 1.37.8. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.7...1.37.8) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…e.json) (#11967) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [pycurl](https://github.com/pycurl/pycurl) from 7.45.4 to 7.45.6. - [Changelog](https://github.com/pycurl/pycurl/blob/master/ChangeLog) - [Commits](https://github.com/pycurl/pycurl/commits) --- updated-dependencies: - dependency-name: pycurl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added first warning * Added warnings to async_process_findings * Added comments to settings to show deprecation * Moved import statement to top of file * Update default_importer.py * Update default_importer.py * Update default_reimporter.py --------- Co-authored-by: Jino Tesauro <[email protected]>
….0-dev Release: Merge back 2.44.1 into dev from: master-into-dev/2.44.1-2.45.0-dev
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.9 to 0.9.10. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.9...0.9.10) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.8 to 1.37.9. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.8...1.37.9) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…pages.yml) (#11987) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.9 to 1.37.10. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.37.9...1.37.10) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2.17.1 (docker-compose.override.unit_tests_cicd.yml) (#11975) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…helm/defectdojo/chart.yaml) (#11978) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* session-expire-notification * move return to else block * remove unused variables expiry time and update context processor name --------- Co-authored-by: Kevin Vuong <[email protected]>
* Ruff: Add B018 rule * update * fix
Release: Merge release into master from: release/2.45.0
This pull request has conflicts, please resolve those before we can evaluate the pull request.
DryRun Security Summary
Multiple security vulnerabilities were identified in GitHub Actions workflows and configuration files for the DefectDojo project, including exposed email addresses, hardcoded default credentials, insecure network configurations, and sensitive environment variables.
Summary: Multiple GitHub Actions workflows and configuration files were updated, primarily focusing on version bumps, platform flexibility, and minor configuration changes across the DefectDojo project.
Security Findings:
Code Analysis
We ran
Overall Riskiness
🔴 Risk threshold exceeded. We've notified @mtesauro.
Conflicts have been resolved. A maintainer will review the pull request shortly.
Release triggered by Maffooch