Release: Merge release into master from: release/2.31.0 #9483
Merged
Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.9...1.34.11) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…0-dev Release: Merge back 2.30.0 into dev from: master-into-dev/2.30.0-2.31.0-dev
Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9240) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1. - [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…github/workflows/k8s-tests.yml) (#9257) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.1.0...10.2.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add Announcement to API * Add test_rest_framework * Add test_swagger_schema * Flake8 * Fix count * Skip test * Inc db_mig * Use DojoModelViewSet * inc db_mig
* feat: add auditlog retention * linting: satisfy flake8 * fix: forgot imports in tasks.py * fix: add necessary test-data * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update dojo/tasks.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update test_flush_auditlog.py removed spaces * fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/ changes this parameter --------- Co-authored-by: MarianG <marian.gawron@deutschebahn.com> Co-authored-by: kiblik <kiblik@gjh.sk>
* feat: add cvss value to finding and only overwrite values if not already set This is because of XML Report Layout of Qualys. It has CVSS Values on concrete Finding and in the Knowledgebase. The values in the concrete Finding are more accurate and are parsed at first. It would be much better to stick with those values and only use the ones from the Knowledgebase if CVSS values from concrete finding are missing * linting: flake8 * feat: add unit-test for cvss_score field * remove unnecessary loop Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com> * Update test_qualys_parser.py for linting --------- Co-authored-by: MarianG <marian.gawron@deutschebahn.com> Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.11 to 1.34.12. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.11...1.34.12) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9281) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.13.1 to 0.13.2. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](package-url/packageurl-python@v0.13.1...v0.13.2) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.12 to 1.34.13. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.12...1.34.13) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ocker-compose.yml) (#9283) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…PI endpoints (#8707) * Set Development default environment (new import) * fix flake8 issue * Trivy parser includes causeMetadata in findings description * Fix System Settings Required Fields Jira * remove print * flake code * merge * merge * Add apply tags to findings to importer and reimporter functions * fix changes * Added to import scan and reimport scan functions the apply tags parameter * fix validations * remove default true in importscan serializer * fix error in testing tags * added apply tag to findings parameter to UI * removed unnecessary lines --------- Co-authored-by: Felix Hernandez <felixfhdez15@gmail.com>
…0-dev Release: Merge back 2.30.1 into dev from: master-into-dev/2.30.1-2.31.0-dev
…ml) (#9288) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](package-url/packageurl-python@v0.13.2...v0.13.3) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [jira](https://github.com/pycontribs/jira) from 3.5.2 to 3.6.0. - [Release notes](https://github.com/pycontribs/jira/releases) - [Changelog](https://github.com/pycontribs/jira/blob/main/RELEASE.md) - [Commits](pycontribs/jira@3.5.2...3.6.0) --- updated-dependencies: - dependency-name: jira dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.13 to 1.34.14. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.13...1.34.14) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ocker-compose.yml) (#9291) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [lxml](https://github.com/lxml/lxml) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-5.0.0...lxml-5.1.0) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9447) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ocker-compose.yml) (#9446) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* init parser * fix filename * add testcase * Update docs * strip severity before compare * rebase from upstream/dev * remove not need newline * fix flake8 * Update docs * update recommend version * add recommend version in parser description --------- Co-authored-by: biennd4 <biennd4@vcs.com>
* Changing name of Whitestone to Mend * adding migrations * renamed migration to next number * adding upgrade info and breaking change warning * addressing comments * copy paste typo fixed * Update documentation number * Update migration --------- Co-authored-by: Jay Paz <jpaz@optaros.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Update and rename whitesource.md to mend.md * Update docs/content/en/integrations/parsers/file/mend.md Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com> --------- Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
…9116) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.31 to 1.34.32. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.31...1.34.32) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2024.1.1 to 2024.2.1. - [Commits](tfranzel/drf-spectacular-sidecar@2024.1.1...2024.2.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* addition of sla expiration date field on the finding model * add migration and fix indentation issue * fix mitigated finding remaining sla days calculation * fix sla violation filter to return only active, sla violating findings * migration system settings fix * fix mitigation date vs datetime discrepancy * fix breaking unit test * move product save check to signal * fix unit test failure * make signal operations async, fix sla config delete 500 error * add unit tests to test sla expiration date functionality * restarting without signals * add async updating flags, redo migration * move signal logic to overridden save * fix errors for non-existing objects at creation * clean up comments and a few logical expressions * fix flake8 error * addition of new unit tests * fix unit test error * add message to form fields when async updating flag is true * fix save location, reword form messages, reword redirect messages * remove commented lines from unit tests * add a bit more description to API validation errors * migration fix * migration performance improvements * fix datetime - str comparison issue * clean up for part one of sla expiration date field * fix flake8 * Update dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com> * Update dojo/models.py Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com> --------- Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Merge Bugfix Into Dev: 2.31.0
| { | ||
| "name": "defectdojo", | ||
| "version": "2.30.4", | ||
| "version": "3.31.0", |
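Review bot: the new "version" value in this JSON hunk is "3.31.0", but the value it replaces is "2.30.4" and this PR merges release/2.31.0, so the major version looks mistyped. Suggest "version": "2.31.0" here so the package version matches the release branch name, and confirm that any artifacts tagged from this value carry the intended 2.x version before they are published.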
Contributor
I believe this to be corrected:
- versions have been updated on master in all the places
- docker images have been republished with 3.x versions removed
- helm chart has been republished
- bugfix and dev left alone as they have `2.32.0-dev` versions
Release triggered by Maffooch