
Release: Merge release into master from: release/2.45.2#12270

Merged
rossops merged 44 commits into master from release/2.45.2
Apr 21, 2025

Conversation

@github-actions (Contributor)

Release triggered by rossops

DefectDojo release bot and others added 30 commits April 7, 2025 15:24
….0-dev

Release: Merge back 2.45.0 into dev from: master-into-dev/2.45.0-2.46.0-dev
Bumps [boto3](https://github.com/boto/boto3) from 1.37.27 to 1.37.28.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.27...1.37.28)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [lxml](https://github.com/lxml/lxml) from 5.3.1 to 5.3.2.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-5.3.1...lxml-5.3.2)

---
updated-dependencies:
- dependency-name: lxml
  dependency-version: 5.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.3 to 0.11.4.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.3...0.11.4)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.28 to 1.37.29.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.28...1.37.29)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.2.3 to 4.0.
- [Release notes](https://github.com/django-extensions/django-extensions/releases)
- [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md)
- [Commits](django-extensions/django-extensions@3.2.3...4.0)

---
updated-dependencies:
- dependency-name: django-extensions
  dependency-version: '4.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [celery](https://github.com/celery/celery) from 5.4.0 to 5.5.1.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](celery/celery@v5.4.0...v5.5.1)

---
updated-dependencies:
- dependency-name: celery
  dependency-version: 5.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.29 to 1.37.30.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.29...1.37.30)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.30
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.30 to 1.37.31.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.30...1.37.31)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [django-celery-results](https://github.com/celery/django-celery-results) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/celery/django-celery-results/releases)
- [Changelog](https://github.com/celery/django-celery-results/blob/main/Changelog)
- [Commits](celery/django-celery-results@v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: django-celery-results
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix

* fix

* Update ruff.toml

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* sla_config_updater: add logging

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* cleanup
* Import/Reimport Stats: Change name of left untouched

* Update migrations

* Failed spell check

* Update migration again

* Migrate from `left_untouched` to `untouched`
Bumps [boto3](https://github.com/boto/boto3) from 1.37.31 to 1.37.32.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.31...1.37.32)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 4.0 to 4.1.
- [Release notes](https://github.com/django-extensions/django-extensions/releases)
- [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md)
- [Commits](django-extensions/django-extensions@4.0...4.1)

---
updated-dependencies:
- dependency-name: django-extensions
  dependency-version: '4.1'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🐛 fix ruff bump to 0.11.5

* bump
Bumps [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/) from 2.0.28 to 2.0.29.

---
updated-dependencies:
- dependency-name: uwsgi
  dependency-version: 2.0.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.32 to 1.37.33.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.32...1.37.33)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.7 to 3.8.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.7...3.8)

---
updated-dependencies:
- dependency-name: markdown
  dependency-version: '3.8'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….github/workflows/validate_docs_build.yml) (#12229)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [django-crispy-forms](https://github.com/django-crispy-forms/django-crispy-forms) from 2.3 to 2.4.
- [Release notes](https://github.com/django-crispy-forms/django-crispy-forms/releases)
- [Changelog](https://github.com/django-crispy-forms/django-crispy-forms/blob/main/CHANGELOG.md)
- [Commits](django-crispy-forms/django-crispy-forms@2.3...2.4)

---
updated-dependencies:
- dependency-name: django-crispy-forms
  dependency-version: '2.4'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 11.1.0 to 11.2.1.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@11.1.0...11.2.1)

---
updated-dependencies:
- dependency-name: pillow
  dependency-version: 11.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0-dev

Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev
maarten-boot and others added 12 commits April 15, 2025 14:35
* Update how-to-write-a-parser.md

- it is 4 methods that have to be added not 3 (see the numbered list 1..4 )
- the location of the doc for a new parser is now in: `docs/content/en/connecting_your_tools/parsers/<file/api>/`

* Update how-to-write-a-parser.md 2

- update the import page documentation

* Update docs/content/en/open_source/contributing/how-to-write-a-parser.md

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Implement migration

* Remove lower case requirement

* Create common validator

* UI: Apply validator

* API: Apply validator

* Add release notes

* Add unit tests

* Fixing ruff

* Fix some migration updates

* Applying feedback

* Silly copy/paste
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.34 to 1.37.35.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.34...1.37.35)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.35
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…37.7 (helm/defectdojo/values.yaml) (#12254)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.37.35 to 1.37.36.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.35...1.37.36)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.37.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.5...0.11.6)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

dryrunsecurity Bot commented Apr 21, 2025

DryRun Security

🔴 Risk threshold exceeded.

This pull request involves sensitive edits to multiple files in the project, including database migrations, models, templates, and utility files, and includes modifications to various parsers to mark MD5 hash generation as not used for security purposes.

⚠️ Configured Codepaths Edit (sensitive edits detected; sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml):

- dojo/db_migrations/0226_import_history_left_untouched_rename.py
- dojo/models.py
- dojo/product/helpers.py
- dojo/templates/base.html
- dojo/utils.py
💭 Unconfirmed Findings (14)
Parsers modified to add usedforsecurity=False to MD5 hash generation:

- Blackduck
- Bugcrowd
- Bundler Audit
- Cobalt
- GGShield
- Gitleaks
- H1
- HuskyCI
- IBM App
- ImmuniWeb
- Kiuwan
- Mend
- NeuVector Compliance
- Noseyparker

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

@rossops rossops merged commit 795b345 into master Apr 21, 2025
75 of 76 checks passed
@Maffooch Maffooch deleted the release/2.45.2 branch April 21, 2025 18:25
Maffooch pushed a commit that referenced this pull request Feb 16, 2026
Release: Merge release into master from: release/2.45.2
7 participants