Bump boto3 from 1.24.55 to 1.25.0 #7022

dependabot · 2022-10-25T12:00:41Z

Bumps boto3 from 1.24.55 to 1.25.0.

Changelog

1.25.0

feature:Endpoints: [botocore] Implemented new endpoint ruleset system to dynamically derive endpoints and settings for services

api-change:acm-pca: [botocore] AWS Private Certificate Authority (AWS Private CA) now offers usage modes which are combination of features to address specific use cases.

api-change:batch: [botocore] This release adds support for AWS Batch on Amazon EKS.

api-change:datasync: [botocore] Added support for self-signed certificates when using object storage locations; added BytesCompressed to the TaskExecution response.

api-change:sagemaker: [botocore] SageMaker Inference Recommender now supports a new API ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an inference recommendation job.

1.24.96

api-change:cognito-idp: [botocore] This release adds a new "DeletionProtection" field to the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.

api-change:sagemaker: [botocore] CreateInferenceRecommenderjob API now supports passing endpoint details directly, that will help customers to identify the max invocation and max latency they can achieve for their model and the associated endpoint along with getting recommendations on other instances.

1.24.95

api-change:devops-guru: [botocore] This release adds information about the resources DevOps Guru is analyzing.

api-change:globalaccelerator: [botocore] Global Accelerator now supports AddEndpoints and RemoveEndpoints operations for standard endpoint groups.

api-change:resiliencehub: [botocore] In this release, we are introducing support for regional optimization for AWS Resilience Hub applications. It also includes a few documentation updates to improve clarity.

api-change:rum: [botocore] CloudWatch RUM now supports Extended CloudWatch Metrics with Additional Dimensions

1.24.94

api-change:chime-sdk-messaging: [botocore] Documentation updates for Chime Messaging SDK

api-change:cloudtrail: [botocore] This release includes support for exporting CloudTrail Lake query results to an Amazon S3 bucket.

api-change:config: [botocore] This release adds resourceType enums for AppConfig, AppSync, DataSync, EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.

api-change:connect: [botocore] This release adds API support for managing phone numbers that can be used across multiple AWS regions through telephony traffic distribution.

api-change:events: [botocore] Update events client to latest version

api-change:managedblockchain: [botocore] Adding new Accessor APIs for Amazon Managed Blockchain

api-change:s3: [botocore] Updates internal logic for constructing API endpoints. We have added rule-based endpoints and internal model parameters.

api-change:s3control: [botocore] Updates internal logic for constructing API endpoints. We have added rule-based endpoints and internal model parameters.

api-change:support-app: [botocore] This release adds the RegisterSlackWorkspaceForOrganization API. You can use the API to register a Slack workspace for an AWS account that is part of an organization.

api-change:workspaces-web: [botocore] WorkSpaces Web now supports user access logging for recording session start, stop, and URL navigation.

1.24.93

api-change:frauddetector: [botocore] Documentation Updates for Amazon Fraud Detector

api-change:sagemaker: [botocore] This change allows customers to enable data capturing while running a batch transform job, and configure monitoring schedule to monitoring the captured data.

api-change:servicediscovery: [botocore] Updated the ListNamespaces API to support the NAME and HTTP_NAME filters, and the BEGINS_WITH filter condition.

api-change:sesv2: [botocore] This release allows subscribers to enable Dedicated IPs (managed) to send email via a fully managed dedicated IP experience. It also adds identities' VerificationStatus in the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs counts in the response of ListImportJobs API.

... (truncated)

Commits

6f5a9b0 Merge branch 'release-1.25.0'
d175bc3 Bumping version to 1.25.0
89fa9a4 Add changelog entries from botocore
dd44c77 Merge branch 'release-1.24.96'
292fc9f Merge branch 'release-1.24.96' into develop
0fccf2e Bumping version to 1.24.96
d28dfe9 Add changelog entries from botocore
4bfce54 Merge branch 'release-1.24.95'
0551612 Merge branch 'release-1.24.95' into develop
1421120 Bumping version to 1.24.95
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.24.55...1.25.0) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

mtesauro

Approved

Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.24.55...1.25.0) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* adapted the helm chart of initializer-job.yaml to allow for metadata … (#6730) * adapted the helm chart of initializer-job.yaml to allow for metadata annotations * adapted the helm chart of initializer-job.yaml to run after install or upgrade * fixed typo initializerKeepSeconds to initializer.keepSeconds * renamed to jobAnnotations and moved helm hook to template values * indent fix * indent fix * Design fixes to footer, tags input, and filters snippet (#6751) * Design fixes to footer, tags input, and filters * Update dojo.css * Update base.html * Bump google-api-python-client from 2.57.0 to 2.58.0 (#6757) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.57.0 to 2.58.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.57.0...v2.58.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6755) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Fix assignee bug in JIRA view (#6741) * Fix assignee bug in JIRA view * Update dojo/jira_link/views.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * Bump google-auth from 2.10.0 to 2.11.0 (#6745) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.10.0 to 2.11.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.10.0...v2.11.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update local_settings.py description * Update configuration.md * Corrected deduplication settings for Twistlock Reports (#6777) * Update versions in application files * Update Chart.yaml * Update version files * Forgot a number * Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.31.2 to v1.32.0 (helm/defectdojo/values.yaml) (#6823) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump cryptography from 37.0.4 to 38.0.1 (#6822) Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) (#6821) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6820) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update nginx/nginx-prometheus-exporter Docker tag from 0.10.0 to v0.11.0 (helm/defectdojo/values.yaml) (#6818) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump sqlalchemy from 1.4.40 to 1.4.41 (#6813) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.40 to 1.4.41. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.58.0 to 2.60.0 (#6812) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.58.0 to 2.60.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.58.0...v2.60.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update actions/checkout action from v2 to v3 (.github/workflows/submodule-update.yml) (#6805) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump jira from 3.4.0 to 3.4.1 (#6800) Bumps [jira](https://github.com/pycontribs/jira) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/pycontribs/jira/releases) - [Commits](https://github.com/pycontribs/jira/compare/3.4.0...3.4.1) --- updated-dependencies: - dependency-name: jira dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump djangosaml2 from 1.5.1 to 1.5.2 (#6799) Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.1 to 1.5.2. - [Release notes](https://github.com/IdentityPython/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.1...v1.5.2) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-slack from 5.17.8 to 5.18.0 (#6789) Bumps [django-slack](https://github.com/lamby/django-slack) from 5.17.8 to 5.18.0. - [Release notes](https://github.com/lamby/django-slack/releases) - [Commits](https://github.com/lamby/django-slack/compare/5.17.8...5.18.0) --- updated-dependencies: - dependency-name: django-slack dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump vcrpy from 4.2.0 to 4.2.1 (#6785) Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/kevin1024/vcrpy/releases) - [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst) - [Commits](https://github.com/kevin1024/vcrpy/compare/v4.2.0...v4.2.1) --- updated-dependencies: - dependency-name: vcrpy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jquery from 3.6.0 to 3.6.1 in /components (#6766) Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1) --- updated-dependencies: - dependency-name: jquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python-gitlab from 3.8.1 to 3.9.0 (#6765) Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.8.1 to 3.9.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.8.1...v3.9.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Corrected deduplication settings for anchore enterprise policy checks (#6770) * Set finding to inactivate after creation of risk acceptance (#6780) * Auth: Add RemoteUser implementation (#6782) * Add RemoteUser implementation * Add documentation * Add support also for API * Fix bug that caused scan imports to fail (#6775) * Adding Closed Notes to Jira (#6806) current condition : All notes that we sent through the finding detail are sent to jira. But, the closed notes we sent when we close the finding is not sent to jira even if that notes are saved to the finding notes in the finding detail page. proposed changes : sent the close finding notes to jira also * Sort findings in notifications (#6817) * Sorting by severity after add/update * Sorting out * Sorting by severity after add/update * Sorting out * Translate metrics (#6819) * Prepared translate for metrics pages * Fix flake8 notice Co-authored-by: Дмитрий Муковкин <d.mukovkin@cft.ru> * Update the text that slack notification shows (#6825) * Update the text that slack notification shows Currently, when a test is added and slack notification is enable is showed: "New test added for engagement {engament.product}" I suggest adding the engament name to this phrase: " New test added for engagement {{engagement.name }} in product {{ engagement.produc}}" * corrected typo in product corrected typo in product * #6620 Create API importer for Bugcrowd (#6621) * Create API importer for Bugcrowd * Fix linting * Documentation update * Implement URI extraction via regex, pagination fetch loop, switch to unique id from tool deduplication alg * Update api_client.py * Various fixes * Fix dateutil parse and auth header * Fix linting * Switch to session * Implement unit testing - WIP * Bugcrowd api importer unit tests * Fix flake8 * Simplify parameterization for bugcrowd JSONAPI format * Fix urlencoding and loop for pagination * Implement generator api client * v3 of fetcher with multithreading * Linting with Black, test data changed for generator function, fix tests * fix pep8 and add ignore W503 in flake8 * remove json from test * Use logger for endpoint parsing errors, without breaking parser * Strip bug url to improve endpoint parsing * Remove regex usage * Handle endpoint uri a bit better * use logger error for endpoint converting * Improve requests exception handling * Remove regexes, convert_endpoint function * Raise exeptions for responses and connection tests * Do not save broken endpoints, add cleaning in tests * Align to dev branch * Named ValidationError exceptions * Fix conflicts * Fix conflicts * Add response text in error message * Fix liniting * Update __init__.py Co-authored-by: Damien Carol <damien.carol@gmail.com> * Bump numpy from 1.23.2 to 1.23.3 (#6830) Bumps [numpy](https://github.com/numpy/numpy) from 1.23.2 to 1.23.3. - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](https://github.com/numpy/numpy/compare/v1.23.2...v1.23.3) --- updated-dependencies: - dependency-name: numpy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-extensions from 3.2.0 to 3.2.1 (#6831) Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/django-extensions/django-extensions/releases) - [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md) - [Commits](https://github.com/django-extensions/django-extensions/compare/3.2.0...3.2.1) --- updated-dependencies: - dependency-name: django-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye (#6832) Bumps python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency autoprefixer from 10.4.8 to v10.4.10 (docs/package.json) (#6828) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix npm audit JFrog Artifactory import bug (#6786) * fix npm audit JFrog Artifactory import bug * added unittest to ensure the npm parser error having a cwe: null will not happen again * fixed wrong assertion * Optimize metrics (#6798) * Optimize metric pages * Fix design in metrics.html page * Fixed counting for active_per_period parameter in get_period_counts method * Fixed unittest test_metrics_queries.py Co-authored-by: Дмитрий Муковкин <d.mukovkin@cft.ru> * switch to Has Capabilities (#6759) * switch to Has Capabilities * Address Ingress object * Center the "No Endpoints" text to match the other objects (#6851) * Center the "No Endpoints" text to match the other objects * Update endpoints.html * Fix simple search width (#6850) * Added questionnaire functionality documentation * Fixed bleach clean issue with display tag * Fix simple search width * Fixed simple search width * Update release automation to fix helm issues, Bump versions (#6849) * Replace documentation links (#6764) * Replace documentation links, Remove local documentation workflows * Fix flake8? * Maybe this is it> * Restore gh-pages workflow * Fixed bleach clean not allowing links in descriptions (#6848) * Added questionnaire functionality documentation * Fixed bleach clean issue with display tag * Fixed links in descriptions being cleaned by bleach * API Cleanup: Set sane defaults for non required fields and safely retrieve results (#6847) * API Cleanup: Set san defaults for non required fields and safely retrieve results * Correct unit tests * Added questionnaire functionality documentation (#6846) * Update helm chart test * Update versions in application files * Bump google-auth-oauthlib from 0.5.2 to 0.5.3 (#6843) Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update release-drafter/release-drafter action from v5.20.1 to v5.21.0 (.github/workflows/release-drafter.yml) (#6842) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency autoprefixer from 10.4.10 to v10.4.11 (docs/package.json) (#6841) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump drf-spectacular from 0.23.1 to 0.24.0 (#6838) Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.23.1 to 0.24.0. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.23.1...0.24.0) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix log_user_login_failed is username is missing (#6854) * Parse mitigation status for Veracode SCA findings (#6855) * Bump packageurl-python from 0.10.1 to 0.10.3 (#6856) Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.1 to 0.10.3. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.1...v0.10.3) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(helm): fix postgresql svc name (#6816) * Update celery-beat-deployment.yaml updated celery-beat-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs * Update celery-worker-deployment.yaml updated celery-worker-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs * Update django-deployment.yaml updated django-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs * Update celery-beat-deployment.yaml fixed helm lint problems * Update celery-worker-deployment.yaml fixed helm lint problems * Update django-deployment.yaml fixed helm lint problems * Bump pyjwt from 2.4.0 to 2.5.0 (#6860) Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bugfixes for Github Vulnerability Parser (#6870) * Add checks for anonymous users in auth model (#6869) * Add checks for anonymous users in auth model * Change type of failure for queries object * Fix Flake8 * Update versions in application files * Update versions in application files * added Null value check in vectorString of Github Scan (Credit @L3m0nb4tt3ry) (#6879) * Update test-helm-chart.yml * SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning (#6880) * SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning * Correct the removed find project capability * Update versions in application files * Update versions in application files * Bump google-auth from 2.11.0 to 2.11.1 (#6863) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.0...v2.11.1) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency autoprefixer from 10.4.11 to v10.4.12 (docs/package.json) (#6868) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump djangosaml2 from 1.5.2 to 1.5.3 (#6877) Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.2 to 1.5.3. - [Release notes](https://github.com/IdentityPython/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.2...v1.5.3) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update redis Docker tag from 7.0.4 to v7.0.5 (docker-compose.yml) (#6887) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update celery-beat-deployment.yaml * Update celery-worker-deployment.yaml * Update django-deployment.yaml * Bump drf-spectacular from 0.24.0 to 0.24.2 (#6909) Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.0 to 0.24.2. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.0...0.24.2) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump drf-yasg from 1.21.3 to 1.21.4 (#6908) Bumps [drf-yasg](https://github.com/axnsan12/drf-yasg) from 1.21.3 to 1.21.4. - [Release notes](https://github.com/axnsan12/drf-yasg/releases) - [Changelog](https://github.com/axnsan12/drf-yasg/blob/1.21.4/docs/changelog.rst) - [Commits](https://github.com/axnsan12/drf-yasg/compare/1.21.3...1.21.4) --- updated-dependencies: - dependency-name: drf-yasg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.10.7 to v3.11.0 (docker-compose.yml) (#6905) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) (#6903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump django-debug-toolbar from 3.6.0 to 3.7.0 (#6900) Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/jazzband/django-debug-toolbar/releases) - [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst) - [Commits](https://github.com/jazzband/django-debug-toolbar/compare/3.6...3.7) --- updated-dependencies: - dependency-name: django-debug-toolbar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump humanize from 4.3.0 to 4.4.0 (#6884) Bumps [humanize](https://github.com/python-humanize/humanize) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/python-humanize/humanize/releases) - [Commits](https://github.com/python-humanize/humanize/compare/4.3.0...4.4.0) --- updated-dependencies: - dependency-name: humanize dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump easymde from 2.16.1 to 2.18.0 in /components (#6872) Bumps [easymde](https://github.com/Ionaru/easy-markdown-editor) from 2.16.1 to 2.18.0. - [Release notes](https://github.com/Ionaru/easy-markdown-editor/releases) - [Changelog](https://github.com/Ionaru/easy-markdown-editor/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ionaru/easy-markdown-editor/compare/2.16.1...2.18.0) --- updated-dependencies: - dependency-name: easymde dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update stefanzweifel/git-auto-commit-action action from v4.14.1 to v4.15.0 (.github/workflows/release-3-master-into-dev.yml) (#6895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6902) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.60.0 to 2.63.0 (#6910) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.60.0 to 2.63.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.60.0...v2.63.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump djangorestframework from 3.13.1 to 3.14.0 (#6883) Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.13.1 to 3.14.0. - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](https://github.com/encode/django-rest-framework/compare/3.13.1...3.14.0) --- updated-dependencies: - dependency-name: djangorestframework dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Mitigate Veracode SourceClear findings with "Fixed" status (#6876) * Added parser for new report format of AnchoreCTL (Anchore Enterprise Engine's new CLI Tool) (#6874) * Added parser for anchore engine reports exported with AnchoreCTL * Added parser for policy results from anchoreCTL, renamed vuln parser * Adjusted name of class to avoid conflicts * Corrected wrong key * Adjusted syntax errors * Added unit tests, fixed unit tests * Removed explicit platform definition in docker-compose * Corrected dedup settings * Removed author info * Fixing broken report generation when more than one item is selected (#6906) * Fix error when promoting stub finding to JIRA (#6898) * Fix improper reactivation in reimporter, using is_mitigated (#6885) * Fix improper reactivation in reimporter, using is_mitigated https://github.com/DefectDojo/django-DefectDojo/pull/6452 * Update reimporter.py * Fix accepted by name (#6867) * Update view_risk_acceptance.html Remove get_full_name from accepted_by as it's free text not a user * Update view_eng.html Remove get_full_name from accepted_by as it's free text not a user * Fix url creation for github for file location (#6888) * [FIX] JQuery Error on Edit Finding (#6619) * Bug Fix (JQuery Error) When editing a finding, a click on the "See Alerts" button at the right corner of the webpage will cause a JQuery JavaScript Error. Removing JQuery usage and using JS trim instead. * Update package.json * Update __init__.py * Update pipeline.py * Update Chart.yaml * Update pipeline.py * Update views.py * Update __init__.py * Update views.py * Update pipeline.py * Update pipeline.py * tools: NeuVector: introducing NeuVector (REST) scan type (#6809) This commit adds the support of NeuVector (https://github.com/neuvector/neuvector) tool for importing scan results. Scan results can be exported via REST API in JSON format (that is why the tool is named 'NeuVector (REST)'). There is no GUI for that at the moment. Scan results are just a list of issues found in packages installed in a container or an image. Very similar to Twistlock. NeuVector also provides compliance scan results. This is not supported by the introduced tool. * Bump django-dbbackup from 4.0.1 to 4.0.2 (#6911) Bumps [django-dbbackup](https://github.com/jazzband/django-dbbackup) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/jazzband/django-dbbackup/releases) - [Changelog](https://github.com/jazzband/django-dbbackup/blob/master/docs/changelog.rst) - [Commits](https://github.com/jazzband/django-dbbackup/commits/4.0.2) --- updated-dependencies: - dependency-name: django-dbbackup dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-split-settings from 1.1.0 to 1.2.0 (#6914) Bumps [django-split-settings](https://github.com/sponsors/wemake-services) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/sponsors/wemake-services/releases) - [Commits](https://github.com/sponsors/wemake-services/commits) --- updated-dependencies: - dependency-name: django-split-settings dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump google-auth from 2.11.1 to 2.12.0 (#6913) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.1 to 2.12.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.1...v2.12.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update helm/chart-testing-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) (#6915) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Estimated remediation date (#6302) * initial commit for branch * added bulk edit * code complete (I hope). Committing before adding tests * additional work to allow users to edit/add a planned remediation date * Typo on auto_create_context (#6291) * removed calendar icons in list view * pep8 fixes * pep8 fixes * pep8 again! * removed manually created migration file * auto-generated migration file * formatting fixes * pep8 fix * reran migrations and still getting changes for rule and child_rule * reran migrations * formatting changes * Update forms.py * updated find method for dom element * updated adhoc Finding form for bug fix * removing erroneous selenium config * updated promot finding form for bug fix * formatting fix * PR cleanups * rebase on latest dev * pep8 fixes * formatting fixes * formatting changes * updated adhoc Finding form for bug fix * PR cleanups * fixed bolded remediation date field * removed breaks and used CSS * pep8 fixes * pep8 fix * fixing bad migration * merging latest from dev * further merge fixes * css fixes for date picker * Update docker-compose.override.integration_tests.yml Co-authored-by: Chris Fort <chris.fort@lexisnexis.com> Co-authored-by: Bastian Hodapp <bastianhodapp@gmail.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * Bump python-gitlab from 3.9.0 to 3.10.0 (#6912) Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.9.0...v3.10.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add support for specifying custom JIRA fields (#6740) * Add support for specifying custom JIRA fields * Update and rename 0169_jira_project_custom_fields.py to 0170_jira_project_custom_fields.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * Don't create finding JIRAs on a bulk update if we are creating a finding group JIRA (#6709) * Update dependency postcss from 8.4.16 to v8.4.17 (docs/package.json) (#6923) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Add the ability to set JIRA labels per-product or engagement (#6720) * Add the ability to set JIRA labels per-product or engagement * Rename 0169_auto_20220816_1333.py to 0169_jira_labels_per_product_and_engagement.py * Delete 0170_jira_project_custom_fields.py * Update and rename 0169_jira_labels_per_product_and_engagement.py to 0171_jira_labels_per_product_and_engagement.py * Restore deleted migration * Fix spacing in migration to remove change from dif Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * Added filter for existance of JIRA issue in finding (#6919) * Bump coverage from 6.4.4 to 6.5.0 (#6921) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.4 to 6.5.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * changed type to regular django type to also pick up creation events (#6918) * changed type to regular django type to also pick up creation events from ldap and oauth * removed unused import * this event should be triggered for all user-types * fixed test to include the now created group/notification relations * Bugfixing when the Checkov report has no findings (#6097) * Bugfixing when the Checkov report has no findings # Current error log: [29/Mar/2022 11:55:54] ERROR [dojo.api_v2.exception_handler:26] 'check_type' Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch response = handler(request, *args, **kwargs) File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create self.perform_create(serializer) File "/app/./dojo/api_v2/views.py", line 1957, in perform_create serializer.save(push_to_jira=push_to_jira) File "/app/./dojo/api_v2/serializers.py", line 1246, in save test, finding_count, closed_finding_count = importer.import_scan(scan, scan_type, engagement, lead, environment, File "/app/./dojo/importers/importer/importer.py", line 349, in import_scan parsed_findings = parser.get_findings(scan, test) File "/app/./dojo/tools/checkov/parser.py", line 22, in get_findings check_type = tree['check_type'] KeyError: 'check_type' [29/Mar/2022 11:55:54] ERROR [django.request:224] Internal Server Error: /api/v2/import-scan/ ERROR:django.request:Internal Server Error: /api/v2/import-scan/ [pid: 1|app: 0|req: 2020/4117] 10.6.33.147 () {44 vars in 738 bytes} [Tue Mar 29 11:55:54 2022] POST /api/v2/import-scan/ => generated 59 bytes in 54 msecs (HTTP/1.1 500) 7 headers in 212 bytes (1 switches on core 1) * Fix to make the previous fix shorter. Co-authored-by: Daniel Velardez <dvelardez@afip.gob.ar> * added option to add labels using podLabels: {} * Bump django from 3.2.15 to 3.2.16 (#6938) Bumps [django](https://github.com/django/django) from 3.2.15 to 3.2.16. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/3.2.15...3.2.16) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * SonarQube API Importer: Add sonarcloud global org id, code clean up (#6928) * SonarQube API Importer: Add sonarcloud global org id, code clean up * Fix Flake8 * Add clause for non entered extras * Jira Webhook: Catch missing assignee field + code cleanup (#6929) * Add validation error when users attempt to send email without valid SMTP server (#6930) * Add validation error when users attempt send email without valid SMTP server * Be sure to close connection after opening it * Update views.py * TruffleHog: Add v3 support to original trufflehog parser (#6937) * TruffleHog: Add v3 support to originaly trufflehog parser * Remove extra printing * Flake8 * Update versions in application files * Add upgrade notes for 2.15.0 * Update versions in application files * Make doc update action only apply when docs are updated * Rev node version for gh-pages deploy * Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to 3.11.0-alpine (docker-compose.yml) (#6936) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2022.2.1 to 2022.4 (#6934) Bumps [pytz](https://github.com/stub42/pytz) from 2022.2.1 to 2022.4. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](https://github.com/stub42/pytz/commits) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Make version optional for cyclonedx (#6950) * Update tj-actions/changed-files action from v31 to v32 (.github/workflows/submodule-update.yml) (#6949) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.63.0 to 2.64.0 (#6946) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.63.0 to 2.64.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.63.0...v2.64.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Parse state, cwe and createdAt in the GitHub parser (#6945) * Update styfle/cancel-workflow-action action from 0.10.0 to v0.10.1 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update redis:7.0.5-alpine Docker digest from 7.0.5 to 7.0.5-alpine (docker-compose.yml) (#6953) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Rev actions to latest ubuntu version per https://github.com/actions/runner-images/issues/6002 (#6931) * Helm Chart: Create PVC as part of the Chart (#6271) * Create PVC as part of the Chart * Allow creating pvc or disabling it * Set pvc creation to false as default * Remove trailing spaces * Modify storage access mode and size * Update KUBERNETES.md to reflect storage accessMode * Fix linting issue * Modify pvc documentation in KUBERNETES.md * Bump psycopg2-binary from 2.9.3 to 2.9.4 (#6958) Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.3 to 2.9.4. - [Release notes](https://github.com/psycopg/psycopg2/releases) - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](https://github.com/psycopg/psycopg2/commits) --- updated-dependencies: - dependency-name: psycopg2-binary dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump gitpython from 3.1.27 to 3.1.28 (#6957) Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.27 to 3.1.28. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.27...3.1.28) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Fix] API - Tool Product Settings (#6170) (#6904) * Made the product editable on Tool_Product_Settings * Reverted the model change and modified the Tool_Product_Settings serializer to support specifying the product. * dojo: tool: introduce NeuVector compliance scans import support (#6947) This commit makes DefectDojo to support compliance scans performed by NeuVector. Such scan results can only be fetched via REST API using endpoints like /v1/scan/workload/{id} and /v1/host/{id}/compliance. The latter one returns the results in a slightly different format. Both of them are supported. * Bump nginx from `082f8c1` to `b87c350` (#6961) Bumps nginx from `082f8c1` to `b87c350`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pdfmake from 0.2.5 to 0.2.6 in /components (#6960) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.5 to 0.2.6. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.6/CHANGELOG.md) - [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.5...0.2.6) --- updated-dependencies: - dependency-name: pdfmake dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dojo: jira_link: improve error reporting when fetching Jira metadata (#6962) get_jira_meta() function in did not check if jira.createmeta() raises an exception. In case an exception was raised, it was not logged anyhow, the logs contained only "invalid JIRA Project Config.." message in DEBUG stream. This commit stores an error triggered by jira.createmeata() in logs and displays it to a user. The commit also slightly improves quotes formatting for debug-level error message. * Add the ability to specify the Epic name and priority in JIRA (#6768) * Update stefanzweifel/git-auto-commit-action action from v4.15.0 to v4.15.1 (.github/workflows/release-3-master-into-dev.yml) (#6964) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Use DEDUPE_ALGO_HASH_CODE for Acunetix360 (#6968) * Update mysql Docker tag from 5.7.39 to v5.7.40 (docker-compose.yml) (#6969) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update versions in application files * Fixed 500 error for GitHub finding links (#6981) * Typo on auto_create_context (#6291) * Fixed 500 error for GitHub finding links Co-authored-by: Bastian Hodapp <bastianhodapp@gmail.com> * Update versions in application files * Add Rubocop to parser documentation (#6978) * Update styfle/cancel-workflow-action action from 0.10.1 to v0.11.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6977) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency postcss from 8.4.17 to v8.4.18 (docs/package.json) (#6979) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump cryptography from 38.0.1 to 38.0.2 (#6976) Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.1 to 38.0.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pygithub from 1.55 to 1.56 (#6986) Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.55 to 1.56. - [Release notes](https://github.com/pygithub/pygithub/releases) - [Changelog](https://github.com/PyGithub/PyGithub/blob/master/doc/changes.rst) - [Commits](https://github.com/pygithub/pygithub/compare/v1.55...v1.56) --- updated-dependencies: - dependency-name: pygithub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres:14.5-alpine Docker digest from 14.5 to 14.5-alpine (docker-compose.yml) (#6952) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Fix errors with risk acceptance filter (#6984) * Fix issues with Bugcrowd API parser not marking not_applicable/not_reproducible as inactive (#6974) * Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to v (docker-compose.yml) (#6988) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.11.0 to v3.11.1 (docker-compose.yml) (#6989) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump packageurl-python from 0.10.3 to 0.10.4 (#6997) Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.3...v0.10.4) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sqlalchemy from 1.4.41 to 1.4.42 (#6996) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) (#6993) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) (#7000) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Parse Veracode library_id for SCA to get the maven component name (#6995) * Enable filtering Findings on steps_to_reproduce (#6970) * Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye (#6998) Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update asset and findings retrieval for Cobalt API parser (#7005) Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum allowed number of findings and assets. * Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) (#7014) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) (#7008) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [FIX] Issues on disconnection and connection using Social Auth (#6066) * [FIX] Issues on disconnection and connection using OAuth Fix two issues: - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as return URL is not /login and does not contains next parameter, an error 500 is trigerred. - When connecing using OAuth and "SHOW_LOGIN_FORM = False", message "You have logged out" is displayed after logging in. * Fixing Flake8 issues * Update package.json * Update __init__.py * Update views.py * Update pipeline.py * Update Chart.yaml * Update __init__.py * Update views.py * Update pipeline.py * Update pipeline.py * Update pipeline.py * Fix out of SLA time (#7017) * Add a HTML link in the references back to the Bugcrowd finding (#7018) * Bump boto3 from 1.24.55 to 1.25.0 (#7022) Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.24.55...1.25.0) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) (#7026) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) (#7025) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump uwsgi from 2.0.20 to 2.0.21 (#7023) Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.20 to 2.0.21. - [Release notes](https://github.com/unbit/uwsgi-docs/releases) - [Commits](https://github.com/unbit/uwsgi-docs/commits) --- updated-dependencies: - dependency-name: uwsgi dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) (#7024) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-auth-oauthlib from 0.5.3 to 0.6.0 (#7021) Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.3 to 0.6.0. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.3...v0.6.0) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) (#7020) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump nginx from 1.23.1-alpine to 1.23.2-alpine (#7019) Bumps nginx from 1.23.1-alpine to 1.23.2-alpine. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) (#7016) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Add support for ZAP "XML with requests and responses" format (#7013) * Support ZAP XML with requests and responses Signed-off-by: Max Maass <max.maass@iteratec.com> * Update ZAP parser with final XMLplus format Signed-off-by: Max Maass <max.maass@iteratec.com> * Update ZAP parser docs Signed-off-by: Max Maass <max.maass@iteratec.com> Signed-off-by: Max Maass <max.maass@iteratec.com> * Bump pyjwt from 2.5.0 to 2.6.0 (#7010) Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/commits) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) (#7007) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2022.4 to 2022.5 (#7003) Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.5. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](https://github.com/stub42/pytz/compare/release_2022.4...release_2022.5) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Don't save vulnerability Ids on a re-import if they're already defined for the finding (#7012) * Bump gitpython from 3.1.28 to 3.1.29 (#6966) Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.28 to 3.1.29. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.28...3.1.29) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add the ability to only create finding groups when you have more than one finding in the group (#6916) * Bump google-auth from 2.12.0 to 2.13.0 (#7004) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.12.0...v2.13.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) (#6994) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.64.0 to 2.65.0 (#7006) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.64.0 to 2.65.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.64.0...v2.65.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Endpoint_Status: Optimize DB (remove redundancy) (#6193) * Endpoint_Status: Optimize DB (remove redundancy) * small changes in comments * Fix importers, add TODOs * Fix migrations - rebase * Fix fixtures * add findings to Endpoint * consolidate models.py * fix alternative names for endpoint_status diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 592b6bb16..83c5fc5bc 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -507,7 +507,7 @@ class FindingViewSet(prefetch.PrefetchListMixin, 'finding_group_set', 'files', 'burprawrequestresponse_set', - 'endpoint_status', + 'status_finding', 'finding_meta', 'test__test_type', 'test__engagement', @@ -1757,7 +1757,7 @@ class TestImportViewSet(prefetch.PrefetchListMixin, 'test_import_finding_action_set', 'findings_affected', 'findings_affected__endpoints', - 'findings_affected__endpoint_status', + 'findings_affected__status_finding', 'findings_affected__finding_meta', 'findings_affected__jira_issue', 'findings_affected__burprawrequestresponse_set', diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py index 4bfb0805e..dd239751a 100644 --- a/dojo/endpoint/views.py +++ b/dojo/endpoint/views.py @@ -32,10 +32,17 @@ logger = logging.getLogger(__name__) def process_endpoints_view(request, host_view=False, vulnerable=False): if vulnerable: - endpoints = Endpoint.objects.filter(finding__active=True, findi…

* Rename "..._api" parsers to "api_..." * Reorder + categorise parsers in documentation * Group same step to one definition * Fix some imports * Add Edgescan and fix some imports * Fix mocks * Fix next unittests * Bump packageurl-python from 0.10.3 to 0.10.4 (#6997) Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](package-url/packageurl-python@v0.10.3...v0.10.4) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sqlalchemy from 1.4.41 to 1.4.42 (#6996) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) (#6993) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) (#7000) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Parse Veracode library_id for SCA to get the maven component name (#6995) * Enable filtering Findings on steps_to_reproduce (#6970) * Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye (#6998) Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update asset and findings retrieval for Cobalt API parser (#7005) Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum allowed number of findings and assets. * Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) (#7014) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) (#7008) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [FIX] Issues on disconnection and connection using Social Auth (#6066) * [FIX] Issues on disconnection and connection using OAuth Fix two issues: - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as return URL is not /login and does not contains next parameter, an error 500 is trigerred. - When connecing using OAuth and "SHOW_LOGIN_FORM = False", message "You have logged out" is displayed after logging in. * Fixing Flake8 issues * Update package.json * Update __init__.py * Update views.py * Update pipeline.py * Update Chart.yaml * Update __init__.py * Update views.py * Update pipeline.py * Update pipeline.py * Update pipeline.py * Fix out of SLA time (#7017) * Add a HTML link in the references back to the Bugcrowd finding (#7018) * Bump boto3 from 1.24.55 to 1.25.0 (#7022) Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.24.55...1.25.0) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) (#7026) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) (#7025) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump uwsgi from 2.0.20 to 2.0.21 (#7023) Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.20 to 2.0.21. - [Release notes](https://github.com/unbit/uwsgi-docs/releases) - [Commits](https://github.com/unbit/uwsgi-docs/commits) --- updated-dependencies: - dependency-name: uwsgi dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) (#7024) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-auth-oauthlib from 0.5.3 to 0.6.0 (#7021) Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.3 to 0.6.0. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python-oauthlib@v0.5.3...v0.6.0) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) (#7020) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump nginx from 1.23.1-alpine to 1.23.2-alpine (#7019) Bumps nginx from 1.23.1-alpine to 1.23.2-alpine. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) (#7016) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Add support for ZAP "XML with requests and responses" format (#7013) * Support ZAP XML with requests and responses Signed-off-by: Max Maass <max.maass@iteratec.com> * Update ZAP parser with final XMLplus format Signed-off-by: Max Maass <max.maass@iteratec.com> * Update ZAP parser docs Signed-off-by: Max Maass <max.maass@iteratec.com> Signed-off-by: Max Maass <max.maass@iteratec.com> * Bump pyjwt from 2.5.0 to 2.6.0 (#7010) Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/commits) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) (#7007) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2022.4 to 2022.5 (#7003) Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.5. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2022.4...release_2022.5) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Don't save vulnerability Ids on a re-import if they're already defined for the finding (#7012) * Bump gitpython from 3.1.28 to 3.1.29 (#6966) Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.28 to 3.1.29. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.28...3.1.29) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add the ability to only create finding groups when you have more than one finding in the group (#6916) * Bump google-auth from 2.12.0 to 2.13.0 (#7004) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.12.0...v2.13.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) (#6994) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.64.0 to 2.65.0 (#7006) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.64.0 to 2.65.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.64.0...v2.65.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Forms: allow to prefill values * Fix class names - to be able to load them * Better logging in tools.factory * add 'get_api_scan_configuration_hints' + render hints * Flake8 * Cleanup of parsers * Fix unittests * Fix hint rendering * Add tool config unittests * PoC: ToolConfig tests * Add int test to all tests * Tests: Fix IDs * Move scans in tests * Revert "Tests: Fix IDs" This reverts commit dddefdd. * Fix intTest login, flake8 * Add BlackDuck to SCAN_APIS * Fix intTest path * Fix test * Fix edit page * Avoid 2 useless tests * Rebase Vulners * Fix double docs * add VulnersAPI to factory * Small typos * Fix VulnersAPI in factory * Fix unittests * add tests * Documentation - how to write API parsers * Fix integration test * Docs: Add test_connection and test_product_connection [skip action] Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Max Maass <max.maass@iteratec.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Colm O hEigeartaigh <coheigea@users.noreply.github.com> Co-authored-by: CharlieSears <charlie.sears@gmail.com> Co-authored-by: Eric Cornelissen <eric.cornelissen@cobalt.io> Co-authored-by: Ludovic Courgnaud <ludovic.courgnaud@gmail.com> Co-authored-by: Max Maass <1688580+malexmave@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 25, 2022

mtesauro approved these changes Oct 26, 2022

View reviewed changes

Maffooch approved these changes Oct 26, 2022

View reviewed changes

Maffooch merged commit 503a958 into dev Oct 26, 2022

dependabot bot deleted the dependabot/pip/dev/boto3-1.25.0 branch October 26, 2022 02:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump boto3 from 1.24.55 to 1.25.0 #7022

Bump boto3 from 1.24.55 to 1.25.0 #7022

Uh oh!

dependabot bot commented on behalf of github Oct 25, 2022

Uh oh!

mtesauro left a comment

Uh oh!

Uh oh!

Bump boto3 from 1.24.55 to 1.25.0 #7022

Bump boto3 from 1.24.55 to 1.25.0 #7022

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 25, 2022

1.25.0

1.24.96

1.24.95

1.24.94

1.24.93

Uh oh!

mtesauro left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!