Bump lxml from 4.9.4 to 5.0.0 #9251

Merged: mtesauro merged 1 commit into dev from dependabot/pip/dev/lxml-5.0.0 on Jan 2, 2024
@dependabot dependabot Bot commented on behalf of github Jan 1, 2024

Bumps lxml from 4.9.4 to 5.0.0.

Changelog

Sourced from lxml's changelog.

5.0.0 (2023-12-29)

Features added

  • Character escaping in C14N2 serialisation now uses a single pass over the text instead of searching for each unescaped character separately.

  • Early support for Python 3.13a2 was added.

Bugs fixed

  • LP#1976304: The Element.addnext() method previously inserted the new element before existing tail text. The tail text of both sibling elements now stays on the respective elements.

  • LP#1980767, GH#379: TreeBuilder.close() could fail with a TypeError after parsing incorrect input. Original patch by Enrico Minack.

  • Element.itertext(with_tail=False) returned the tail text of comments and processing instructions, despite the explicit option.

  • GH#370: A crash with recent libxml2 2.11.x versions was resolved. Patch by Michael Schlenker.

  • A compile problem with recent libxml2 2.12.x versions was resolved.

  • The internal exception handling in C callbacks was improved for Cython 3.0.

  • The exception declarations of xmlInputReadCallback, xmlInputCloseCallback, xmlOutputWriteCallback and xmlOutputCloseCallback in tree.pxd were corrected to prevent running Python code or calling into the C-API with a live exception set.

  • GH#385: The long deprecated unittest.makeSuite() function is no longer used. Patch by Miro Hrončok.

  • LP#1522052: A file-system specific test is now optional and should no longer fail on systems that don't support it.

  • GH#392: Some tests were adapted for libxml2 2.13. Patch by Nick Wellnhofer.

  • Contains all fixes from lxml 4.9.4.

Other changes

... (truncated)

Commits
  • 73fa115 Prepare release of lxml 5.0.0.
  • 6256584 Update changelog.
  • b38cebf Disable external entity resolution (XXE) by default (GH-391)
  • 2de6ecf tests: Set no_network=False in HTTP tests (GH-392)
  • 5024820 Minor code cleanup.
  • 9f58aa7 Do not let "Element.itertext()"" return tail text of PIs and comments if the ...
  • badcb49 Update changelog.
  • e82b1f5 CI: Build the coverage job with STATIC_DEPS=true to make it independent of th...
  • 8324137 Fix test in Py2.7.
  • ac82838 Fix the work around for a test failure in Python 3.11.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the labels "dependencies" (Pull requests that update a dependency file) and "python" (Pull requests that update Python code) on Jan 1, 2024
dryrunsecurity Bot commented Jan 1, 2024

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status DryRun Security Check
AI-powered Sensitive Function Check
Configured Sensitive Files Check
AI-powered Sensitive Files Check

Chat with your AI-powered Security Buddy by typing @dryrunsecurity followed by your question into a comment.
Example: @dryrunsecurity What are common security issues with web application cookies?

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit af66030 into dev Jan 2, 2024
@dependabot dependabot Bot deleted the dependabot/pip/dev/lxml-5.0.0 branch January 2, 2024 18:33
inesmartins-swordhealth added a commit to SWORDHealth/django-DefectDojo that referenced this pull request Jan 4, 2024
* Bump boto3 from 1.34.6 to 1.34.8 (DefectDojo#9229)

Bumps [boto3](https://github.com/boto/boto3) from 1.34.6 to 1.34.8.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.6...1.34.8)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump boto3 from 1.34.8 to 1.34.9 (DefectDojo#9237)

Bumps [boto3](https://github.com/boto/boto3) from 1.34.8 to 1.34.9.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.8...1.34.9)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump coverage from 7.3.4 to 7.4.0 (DefectDojo#9239)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.4 to 7.4.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.3.4...7.4.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.8.0 to 1.9.0 (DefectDojo#9238)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](IdentityPython/djangosaml2@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python-gitlab from 4.2.0 to 4.3.0 (DefectDojo#9236)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.12.10 to v3.12.11 (docker-compose.yml) (DefectDojo#9233)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump openapitools/openapi-generator-cli from v7.1.0 to v7.2.0 (DefectDojo#9218)

Bumps openapitools/openapi-generator-cli from v7.1.0 to v7.2.0.

---
updated-dependencies:
- dependency-name: openapitools/openapi-generator-cli
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump nginx from `3923f8d` to `a59278f` (DefectDojo#9217)

Bumps nginx from `3923f8d` to `a59278f`.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🐛 fix issue DefectDojo#9221 (DefectDojo#9222)

* Trivy: Add k8 cluster resource objects (DefectDojo#9215)

* 🐛 fix issue DefectDojo#9170

* typo

* update according to review comment

* Pinning of django versions into a helm release (DefectDojo#9160)

* Pin docker version

* fix indent

* Fix name for helm release action

* 🎉 remove unnecessary unique_id_from_tool in settings.dist.py (DefectDojo#9188)

* 🎉 unittest to help remove unnecessary lines in settings.dist.py

* 🐛 fix according to unittest

* update according to review comment

* fix typos in importing documentation (DefectDojo#9093)

* fix typos in importing documentation

* update according to review comment

* 🐛 fix error 500 for ssh-audit (DefectDojo#9228)

* 🎉 implement ms defender parser DefectDojo#8908 (DefectDojo#9232)

* 🎉 implement ms defender parser DefectDojo#8908

* flake8

* fix

* fix

* Drop DEV branch from release-drafter (DefectDojo#9230)

There are no releases on the `dev` branch

* Improve Request Review Notifications (DefectDojo#9227)

* Parser - Black Duck Binary Analysis (DefectDojo#9163)

* Initial implementation of Black Duck Binary Analysis Parser

* Initial implementation of Black Duck Binary Analysis Parser

* Initial implementation of Black Duck Binary Analysis Parser #flake8

* Initial implementation of Black Duck Binary Analysis Parser #dedupe_algo

* Initial implementation of Black Duck Binary Analysis Parser #dedupe_algo_bugfix

* Initial implementation of Black Duck Binary Analysis Parser #extend_unittests_and_integrate_sha1_into_title

* Initial implementation of Black Duck Binary Analysis Parser #extend_unittests_include_report_path

* Initial implementation of Black Duck Binary Analysis Parser - update title since CVE can sometimes be blank (i.e. replacing CVE w/ Object SHA1)

* Initial implementation of Black Duck Binary Analysis Parser - settings.dist.py #tweak

* Initial implementation of Black Duck Binary Analysis Parser - parser.py, #bugfix in mismatched title

* Initial implementation of Black Duck Binary Analysis Parser - Make Dedupe more resilient as it's also possible to have the same components in different object paths despite being the same object

* Initial implementation of Black Duck Binary Analysis Parser - parser.py, #bugfix in mismatched description

* Initial implementation of Black Duck Binary Analysis Parser - parser.py, slight tweak in description

* Initial implementation of Black Duck Binary Analysis Parser - Make Dedupe more resilient as it's also possible for the same components in the same object full path to have different CVEs.  There's also circumstances in which a component may not have a CVE.

* Initial implementation of Black Duck Binary Analysis Parser - Slight tweak in Dedupe verification.  Rely upon Object SHA1 in unique_id_from_tool field instead of including the object SHA1 in the title (i.e. reduce characters in title and make more readable).

* Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation

* Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation #flake8

* Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score.  Otherwise, populate severity justification w/ CVSS2 vector and score

* Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score.  Otherwise, populate severity justification w/ CVSS2 vector and score #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score.  Otherwise, populate severity justification w/ CVSS2 vector and score #bugfix2

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #simplify

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #bugfixes

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #more_bugfixes

* Initial implementation of Black Duck Binary Analysis Parser - CVSSv2 vector massaging

* Initial implementation of Black Duck Binary Analysis Parser - #bugfixes in unit tests.

* Initial implementation of Black Duck Binary Analysis Parser - #bugfixes in unit tests...include get_unit_tests_path during import.

* Initial implementation of Black Duck Binary Analysis Parser - #more_bugfixes in unit test

* Initial implementation of Black Duck Binary Analysis Parser - Preserve original report name to include in description

* Initial implementation of Black Duck Binary Analysis Parser - Preserve original report name to include in description #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - Enrich documentation

* Initial implementation of Black Duck Binary Analysis Parser - 1. update unit test to check for expected fields.\n2. Update how dedupe is derived.\nImplement suggested changes per @Maffooch feedback.

* Initial implementation of Black Duck Binary Analysis Parser - 1. unit test #tweak

* Initial implementation of Black Duck Binary Analysis Parser - 1. unit test #tweak

* Trivy: Improve package path parsing behavior (DefectDojo#9235)

* 🐛 fix issue DefectDojo#9234

* retrigger failed pipeline with additional unittest

* 🐛 fix typo for MSDefender in settings.dist.py (DefectDojo#9249)

* Update versions in application files

* Bump boto3 from 1.34.9 to 1.34.11 (DefectDojo#9254)

Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.9...1.34.11)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update release-x-manual-helm-chart.yml

* Update release-x-manual-helm-chart.yml

* Update versions in application files

* Bump lxml from 4.9.4 to 5.0.0 (DefectDojo#9251)

Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.12.11-alpine Docker digest from 3.12.11 to 3.12.11-alpine (docker-compose.yml) (DefectDojo#9240)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump sqlalchemy from 2.0.23 to 2.0.24 (DefectDojo#9244)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-spectacular-sidecar from 2023.12.1 to 2024.1.1 (DefectDojo#9252)

Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update manusa/actions-setup-minikube action from v2.9.0 to v2.10.0 (.github/workflows/k8s-tests.yml) (DefectDojo#9257)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump sqlalchemy from 2.0.24 to 2.0.25 (DefectDojo#9266)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pillow from 10.1.0 to 10.2.0 (DefectDojo#9265)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🐛 fix zap, issue DefectDojo#9242 (DefectDojo#9243)

* 🐛 fix zap, issue DefectDojo#9242

* adapt indentation

* API: Add Announcements (DefectDojo#9112)

* Add Announcement to API

* Add test_rest_framework

* Add test_swagger_schema

* Flake8

* Fix count

* Skip test

* Inc db_mig

* Use DojoModelViewSet

* inc db_mig

* 🐛 None Type in cvss score in Trivy #9263e (DefectDojo#9268)

* Feature: Add Auditlog Retention and Cleanup (DefectDojo#9208)

* feat: add auditlog retention

* linting: satisfy flake8

* fix: forgot imports in tasks.py

* fix: add necessary test-data

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update dojo/tasks.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update test_flush_auditlog.py

removed spaces

* fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/ changes this parameter

---------

Co-authored-by: MarianG <marian.gawron@deutschebahn.com>
Co-authored-by: kiblik <kiblik@gjh.sk>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Co-authored-by: Sever <dubravko.sever@pan-net.eu>
Co-authored-by: kiblik <tomas@kubla.sk>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Co-authored-by: ninp0 <jake.hoopes@gmail.com>
Co-authored-by: DefectDojo release bot <dojo-release-bot@users.noreply.github.com>
Co-authored-by: MarianG <marian.gawron@gmail.com>
Co-authored-by: MarianG <marian.gawron@deutschebahn.com>
Co-authored-by: kiblik <kiblik@gjh.sk>
drJabber pushed a commit to drJabber/django-DefectDojo that referenced this pull request Jan 4, 2024
…d appropriate doc update

🐛 fix typo for MSDefender in settings.dist.py (DefectDojo#9249)

Bump boto3 from 1.34.9 to 1.34.11 (DefectDojo#9254)

Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.9...1.34.11)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update versions in application files

Update release-x-manual-helm-chart.yml

Update release-x-manual-helm-chart.yml

Update versions in application files

Bump lxml from 4.9.4 to 5.0.0 (DefectDojo#9251)

Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update rabbitmq:3.12.11-alpine Docker digest from 3.12.11 to 3.12.11-alpine (docker-compose.yml) (DefectDojo#9240)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Bump sqlalchemy from 2.0.23 to 2.0.24 (DefectDojo#9244)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump drf-spectacular-sidecar from 2023.12.1 to 2024.1.1 (DefectDojo#9252)

Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update manusa/actions-setup-minikube action from v2.9.0 to v2.10.0 (.github/workflows/k8s-tests.yml) (DefectDojo#9257)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

fix pep8

fix imports

Bump sqlalchemy from 2.0.24 to 2.0.25 (DefectDojo#9266)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump pillow from 10.1.0 to 10.2.0 (DefectDojo#9265)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

:bug: fix zap, issue DefectDojo#9242 (DefectDojo#9243)

* 🐛 fix zap, issue DefectDojo#9242

* adapt indentation

API: Add Announcements (DefectDojo#9112)

* Add Announcement to API

* Add test_rest_framework

* Add test_swagger_schema

* Flake8

* Fix count

* Skip test

* Inc db_mig

* Use DojoModelViewSet

* inc db_mig

:bug: None Type in cvss score in Trivy #9263e (DefectDojo#9268)

Feature: Add Auditlog Retention and Cleanup (DefectDojo#9208)

* feat: add auditlog retention

* linting: satisfy flake8

* fix: forgot imports in tasks.py

* fix: add necessary test-data

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update dojo/tasks.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update test_flush_auditlog.py

removed spaces

* fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/ changes this parameter

---------

Co-authored-by: MarianG <marian.gawron@deutschebahn.com>
Co-authored-by: kiblik <kiblik@gjh.sk>

fix doc
blakeaowens pushed a commit that referenced this pull request Jan 10, 2024
* add bitbucket support for Finding view scm urls, some tests for it and appropriate doc update

:bug: fix typo for MSDefender in settings.dist.py (#9249)

Bump boto3 from 1.34.9 to 1.34.11 (#9254)

Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.9...1.34.11)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update versions in application files

Update release-x-manual-helm-chart.yml

Update release-x-manual-helm-chart.yml

Update versions in application files

Bump lxml from 4.9.4 to 5.0.0 (#9251)

Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update rabbitmq:3.12.11-alpine Docker digest from 3.12.11 to 3.12.11-alpine (docker-compose.yml) (#9240)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Bump sqlalchemy from 2.0.23 to 2.0.24 (#9244)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump drf-spectacular-sidecar from 2023.12.1 to 2024.1.1 (#9252)

Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update manusa/actions-setup-minikube action from v2.9.0 to v2.10.0 (.github/workflows/k8s-tests.yml) (#9257)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

fix pep8

fix imports

Bump sqlalchemy from 2.0.24 to 2.0.25 (#9266)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump pillow from 10.1.0 to 10.2.0 (#9265)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

:bug: fix zap, issue #9242 (#9243)

* 🐛 fix zap, issue #9242

* adapt indentation

API: Add Announcements (#9112)

* Add Announcement to API

* Add test_rest_framework

* Add test_swagger_schema

* Flake8

* Fix count

* Skip test

* Inc db_mig

* Use DojoModelViewSet

* inc db_mig

:bug: None Type in cvss score in Trivy #9263e (#9268)

Feature: Add Auditlog Retention and Cleanup (#9208)

* feat: add auditlog retention

* linting: satisfy flake8

* fix: forgot imports in tasks.py

* fix: add necessary test-data

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update dojo/tasks.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update test_flush_auditlog.py

removed spaces

* fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/changes this parameter

---------

Co-authored-by: MarianG <marian.gawron@deutschebahn.com>
Co-authored-by: kiblik <kiblik@gjh.sk>

fix doc

* Update docs/content/en/integrations/source-code-repositories.md

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update docs/content/en/integrations/source-code-repositories.md

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update dojo/models.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update dojo/models.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

---------

Co-authored-by: DVSutyagin <dvsutyagin@greenatom.ru>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
blakeaowens pushed a commit to blakeaowens/django-DefectDojo that referenced this pull request Jan 10, 2024
* add bitbucket support for Finding view scm urls, some tests for it and appropriate doc update

:bug: fix typo for MSDefender in settings.dist.py (DefectDojo#9249)

Bump boto3 from 1.34.9 to 1.34.11 (DefectDojo#9254)

Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.9...1.34.11)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update versions in application files

Update release-x-manual-helm-chart.yml

Update release-x-manual-helm-chart.yml

Update versions in application files

Bump lxml from 4.9.4 to 5.0.0 (DefectDojo#9251)

Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update rabbitmq:3.12.11-alpine Docker digest from 3.12.11 to 3.12.11-alpine (docker-compose.yml) (DefectDojo#9240)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Bump sqlalchemy from 2.0.23 to 2.0.24 (DefectDojo#9244)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump drf-spectacular-sidecar from 2023.12.1 to 2024.1.1 (DefectDojo#9252)

Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update manusa/actions-setup-minikube action from v2.9.0 to v2.10.0 (.github/workflows/k8s-tests.yml) (DefectDojo#9257)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

fix pep8

fix imports

Bump sqlalchemy from 2.0.24 to 2.0.25 (DefectDojo#9266)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump pillow from 10.1.0 to 10.2.0 (DefectDojo#9265)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

:bug: fix zap, issue DefectDojo#9242 (DefectDojo#9243)

* 🐛 fix zap, issue DefectDojo#9242

* adapt indentation

API: Add Announcements (DefectDojo#9112)

* Add Announcement to API

* Add test_rest_framework

* Add test_swagger_schema

* Flake8

* Fix count

* Skip test

* Inc db_mig

* Use DojoModelViewSet

* inc db_mig

:bug: None Type in cvss score in Trivy #9263e (DefectDojo#9268)

Feature: Add Auditlog Retention and Cleanup (DefectDojo#9208)

* feat: add auditlog retention

* linting: satisfy flake8

* fix: forgot imports in tasks.py

* fix: add necessary test-data

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update dojo/tasks.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update test_flush_auditlog.py

removed spaces

* fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/changes this parameter

---------

Co-authored-by: MarianG <marian.gawron@deutschebahn.com>
Co-authored-by: kiblik <kiblik@gjh.sk>

fix doc

* Update docs/content/en/integrations/source-code-repositories.md

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update docs/content/en/integrations/source-code-repositories.md

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update dojo/models.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update dojo/models.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

---------

Co-authored-by: DVSutyagin <dvsutyagin@greenatom.ru>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

Labels

dependencies: Pull requests that update a dependency file
python: Pull requests that update Python code
