Syncs with upstream dev #106
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [boto3](https://github.com/boto/boto3) from 1.34.6 to 1.34.8. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.6...1.34.8) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.8 to 1.34.9. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.8...1.34.9) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.4 to 7.4.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.3.4...7.4.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/IdentityPython/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](IdentityPython/djangosaml2@v1.8.0...v1.9.0) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](python-gitlab/python-gitlab@v4.2.0...v4.3.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ml) (#9233) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps openapitools/openapi-generator-cli from v7.1.0 to v7.2.0. --- updated-dependencies: - dependency-name: openapitools/openapi-generator-cli dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps nginx from `3923f8d` to `a59278f`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🐛 fix issue #9170 * typo * update according to review comment
* Pin docker version * fix indent * Fix name for helm release action
* 🎉 unittest to help remove unnecessary lines in settings.dist.py * 🐛 fix according to unittest * update according to review comment
* fix typos in importing documentation * update according to review comment
There are no releases on the `dev` branch
* Initial implementation of Black Duck Binary Analysis Parser * Initial implementation of Black Duck Binary Analysis Parser * Initial implementation of Black Duck Binary Analysis Parser #flake8 * Initial implementation of Black Duck Binary Analysis Parser #dedupe_algo * Initial implementation of Black Duck Binary Analysis Parser #dedupe_algo_bugfix * Initial implementation of Black Duck Binary Analysis Parser #extend_unittests_and_integrate_sha1_into_title * Initial implementation of Black Duck Binary Analysis Parser #extend_unittests_include_report_path * Initial implementation of Black Duck Binary Analysis Parser - update title since CVE can sometimes be blank (i.e. replacing CVE w/ Object SHA1) * Initial implementation of Black Duck Binary Analysis Parser - settings.dist.py #tweak * Initial implementation of Black Duck Binary Analysis Parser - parser.py, #bugfix in mismatched title * Initial implementation of Black Duck Binary Analysis Parser - Make Dedupe more resilient as it's also possible to have the same components in different object paths despite being the same object * Initial implementation of Black Duck Binary Analysis Parser - parser.py, #bugfix in mismatched description * Initial implementation of Black Duck Binary Analysis Parser - parser.py, slight tweak in description * Initial implementation of Black Duck Binary Analysis Parser - Make Dedupe more resilient as it's also possible for the same components in the same object full path to have different CVEs. There's also circumstances in which a component may not have a CVE. * Initial implementation of Black Duck Binary Analysis Parser - Slight tweak in Dedupe verification. Rely upon Object SHA1 in unique_id_from_tool field instead of including the object SHA1 in the title (i.e. reduce characters in title and make more readable). * Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation * Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation #bugfix * Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation #flake8 * Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score. Otherwise, populate severity justification w/ CVSS2 vector and score * Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score. Otherwise, populate severity justification w/ CVSS2 vector and score #bugfix * Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score. Otherwise, populate severity justification w/ CVSS2 vector and score #bugfix2 * Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2. If CVSSv2 is the only one available, use it else if nothing else set to Info * Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2. If CVSSv2 is the only one available, use it else if nothing else set to Info #bugfix * Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2. If CVSSv2 is the only one available, use it else if nothing else set to Info #simplify * Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2. If CVSSv2 is the only one available, use it else if nothing else set to Info #bugfixes * Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2. If CVSSv2 is the only one available, use it else if nothing else set to Info #more_bugfixes * Initial implementation of Black Duck Binary Analysis Parser - CVSSv2 vector massaging * Initial implementation of Black Duck Binary Analysis Parser - #bugfixes in unit tests. * Initial implementation of Black Duck Binary Analysis Parser - #bugfixes in unit tests...include get_unit_tests_path during import. * Initial implementation of Black Duck Binary Analysis Parser - #more_bugfixes in unit test * Initial implementation of Black Duck Binary Analysis Parser - Preserve original report name to include in description * Initial implementation of Black Duck Binary Analysis Parser - Preserve original report name to include in description #bugfix * Initial implementation of Black Duck Binary Analysis Parser - Enrich documentation * Initial implementation of Black Duck Binary Analysis Parser - 1. update unit test to check for expected fields.\n2. Update how dedupe is derived.\nImplement suggested changes per @Maffooch feedback. * Initial implementation of Black Duck Binary Analysis Parser - 1. unit test #tweak * Initial implementation of Black Duck Binary Analysis Parser - 1. unit test #tweak
* 🐛 fix issue #9234 * retrigger failed pipeline with additional unittest
Release: Merge release into master from: release/2.30.0
Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.9...1.34.11) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…0-dev Release: Merge back 2.30.0 into dev from: master-into-dev/2.30.0-2.31.0-dev
Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9240) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1. - [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…github/workflows/k8s-tests.yml) (#9257) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.1.0...10.2.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add Announcement to API * Add test_rest_framework * Add test_swagger_schema * Flake8 * Fix count * Skip test * Inc db_mig * Use DojoModelViewSet * inc db_mig
* feat: add auditlog retention * linting: satisfy flake8 * fix: forgot imports in tasks.py * fix: add necessary test-data * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update dojo/tasks.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <kiblik@gjh.sk> * Update test_flush_auditlog.py removed spaces * fix: change default value for the retetion period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/ changes this parameter --------- Co-authored-by: MarianG <marian.gawron@deutschebahn.com> Co-authored-by: kiblik <kiblik@gjh.sk>
github-actions
bot
added
docs
docker
helm
New Migration
unittests
settings_changes
apiv2
ui
parser
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.