Release: Merge release into master from: release/2.32.0#9676

Merged
Maffooch merged 123 commits into master from release/2.32.0
Mar 4, 2024

@github-actions github-actions Bot commented Mar 4, 2024

Release triggered by Maffooch

DefectDojo release bot and others added 30 commits February 5, 2024 23:04
…0-dev

Release: Merge back 2.31.0 into dev from: master-into-dev/2.31.0-2.32.0-dev
…thub/workflows/release-drafter.yml) (#9460)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [pytz](https://github.com/stub42/pytz) from 2023.4 to 2024.1.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2023.4...release_2024.1)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/jazzband/django-debug-toolbar/releases)
- [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](django-commons/django-debug-toolbar@4.2...4.3)

---
updated-dependencies:
- dependency-name: django-debug-toolbar
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps nginx from `d12e6f7` to `f2802c2`.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9481)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9458)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.32 to 1.34.35.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.32...1.34.35)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9459)

* Update dependency ruff from 0.1.15 to v0.2.1 (requirements-lint.txt)

* Fix ruff warning (#9461)

* Update dependency ruff from 0.1.15 to v0.2.0 (requirements-lint.txt)

* fix ruff warning

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kiblik <tomas@kubla.sk>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
This reverts commit 0f55a7f.

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
…from cvss module when a CVSS vector string should evaluate to "Info" (#9453)

* dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info"

* dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" #flake8_fix
* Rename unittest

* Define exceptions for now

* Announcement was implemented
…r checks (#9435)

* Fix unittests with assertRaises

* Replace assertTrue/False with better checks

* Fixes
* 🐛 fix wfuzz, issue #7863

* add 302

* update docs
* Set PYTHONWARNINGS=error

* Add basic filterwarnings

* Mute some warnings

* Mute one more warning
Bumps [vulners]() from 2.1.2 to 2.1.5.

---
updated-dependencies:
- dependency-name: vulners
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Override default Django APPEND_SLASH

* Update dojo/settings/settings.dist.py
* improvement for wazuh importer

* 🔧 change on dedupe for Wazuh

* 🔧 change on dedupe for Wazuh

* 📝

* ✏️

* 📝

* 📝

* flake8

* 🎉 recoded wazuh importer to support endpoints

* ✅ adjusted unittests

* 📝

* ✏️

* ✏️

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
…alpine (docker-compose.yml) (#9501)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…9502)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
#9517)

* Modifying Bugcrowd API Parser to align to vendor documentation on what the not_applicable state means.  It is now active == False and severity == 'Info'. [sc-4217]

* fixing Flake8 errors

* fixing Flake8 errors, part deux
manuel-sommer and others added 15 commits March 3, 2024 22:07
* add unittestfile for issue 9618

* 🐛 fix severity Key Error

* add unittest

* flake8

* shrink unittestfile

* fix unittest

* shrink unittestfile

* fix unittest
* Add support for findings with a GHSA but no CVE

* Update unit test to handle case with GHSA but no CVE

* Format JSON so it's human readable

* Also populate the CVE field to be as flexible as possible

* Unit tests to check cve value

* Add new line at bottom of file to fix linting issue
* add unittest file

* add unittest

* adapt parser

* fix unittest

* flake8
* 🔨 restructure openvas parser

* adapt csv parser

* fix csv parser

* fix xml parser

* flake8
* 🔨 restructure clair parser

* refactor clair

* refactor clairklar

* update

* flake8
* ✨ implement osv-scanner, #7321

* add unittest files

* add unittests

* 🚧 basic setup

* add docs

* flake8

* 🚧 not finished yet

* update

* add finding fields

* fix finding fields

* add severity

* fix severity

* fix reference

* add unittests

* fix unittest

* flake8

* add setting
* resolve doing, remove dead code

* more dead code

* ruff linter

* remove unnecessary todo

dryrunsecurity Bot commented Mar 4, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Sensitive Functions Analyzer | | 0 findings |
| Configured Sensitive Files Analyzer | | 2 findings |
| Sensitive Files Analyzer | | 5 findings |

Note

🔴 Risk threshold exceeded. Adding a reviewer if one is configured in .dryrunsecurity.yaml.

notification list: @mtesauro @grendel513

Tip

Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example...

@dryrunsecurity What are common security issues with web application cookies?

Powered by DryRun Security

@Maffooch Maffooch closed this Mar 4, 2024
@Maffooch Maffooch reopened this Mar 4, 2024
@github-actions github-actions Bot added the docker, New Migration (Adding a new migration file. Take care when merging.), settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), apiv2, docs, unittests, integration_tests, ui, parser, helm and localization labels Mar 4, 2024
@Maffooch Maffooch merged commit 8218125 into master Mar 4, 2024