Merge branch 'dev' into fix_filterwarnings_invalid_escape_sequence

.github/renovate.json

@@ -12,5 +12,8 @@
     "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{toVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",
     "commitMessageSuffix": "({{packageFile}})",
     "labels": ["dependencies"]
-  }]
+  }],
+  "registryAliases": {
+    "bitnami": "https://charts.bitnami.com/bitnami"
+  }
 }

.github/workflows/fetch-oas.yml

@@ -10,6 +10,9 @@ on:
           This will override any version calculated by the release-drafter.
         required: true
 
+env:
+  release_version: ${{ github.event.inputs.version || github.event.inputs.release_number }}
+
 jobs:
   oas_fetch:
     name: Fetch OpenAPI Specifications
@@ -21,19 +24,19 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.version }}
+          ref: release/${{ env.release_version }}
 
       - name: Load docker images
         run: |-
-             docker pull defectdojo/defectdojo-django:${{ github.event.inputs.version }}-alpine
-             docker pull defectdojo/defectdojo-nginx:${{ github.event.inputs.version }}-alpine
+             docker pull defectdojo/defectdojo-django:${{ env.release_version }}-alpine
+             docker pull defectdojo/defectdojo-nginx:${{ env.release_version }}-alpine
              docker images
 
       - name: Start Dojo
         run: docker-compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env up --no-deps -d postgres nginx uwsgi
         env:
-          DJANGO_VERSION: ${{ github.event.inputs.version }}-alpine
-          NGINX_VERSION: ${{ github.event.inputs.version }}-alpine
+          DJANGO_VERSION: ${{ env.release_version }}-alpine
+          NGINX_VERSION: ${{ env.release_version }}-alpine
 
       - name: Download OpenAPI Specifications
         run: |-

NOTICE

@@ -3910,49 +3910,6 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
-drf-yasg
-1.20.0
-BSD License
-.. |br| raw:: html
-
-   <br />
-
-#######
-License
-#######
-
-********************
-BSD 3-Clause License
-********************
-
-Copyright (c) 2017 - 2019, Cristian V. <[email protected]> |br|\ All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name of the copyright holder nor the names of its
-  contributors may be used to endorse or promote products derived from
-  this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
 ecdsa
 0.17.0
 MIT

components/package.json

@@ -21,7 +21,6 @@
     "drmonty-datatables-responsive": "^1.0.0",
     "easymde": "^2.18.0",
     "flot": "flot/flot#~0.8.3",
-    "flot-axis": "markrcote/flot-axislabels#*",
     "font-awesome": "^4.0.0",
     "fullcalendar": "^3.10.2",
     "google-code-prettify": "^1.0.0",

docker-compose.yml

@@ -138,7 +138,7 @@ services:
     volumes:
       - defectdojo_data:/var/lib/mysql
   postgres:
-    image: postgres:16.1-alpine@sha256:17eb369d9330fe7fbdb2f705418c18823d66322584c77c2b43cc0e1851d01de7
+    image: postgres:16.2-alpine@sha256:bbd7346fab25b7e0b25f214829d6ebfb78ef0465059492e46dee740ce8fcd844
     profiles: 
       - postgres-rabbitmq
       - postgres-redis
@@ -149,7 +149,7 @@ services:
     volumes:
       - defectdojo_postgres:/var/lib/postgresql/data
   rabbitmq:
-    image: rabbitmq:3.12.12-alpine@sha256:806b2dba0f6b96a719f6b9e860799928a7a2cbd862b8a0c1d3407d0dfe2a8d63
+    image: rabbitmq:3.12.12-alpine@sha256:9144c0eca261e36ffd1a3f9ef21a860242a4a60e0211bbade82c80910958a5e9
     profiles: 
       - mysql-rabbitmq
       - postgres-rabbitmq

docs/content/en/getting_started/upgrading/2.32.md

@@ -2,6 +2,13 @@
 title: 'Upgrading to DefectDojo Version 2.32.x'
 toc_hide: true
 weight: -20240205
-description: No special instructions.
+description: Breaking change: Removal of OpenAPI 2.0 Swagger
 ---
 There are no special instructions for upgrading to 2.32.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.32.0) for the contents of the release.
+
+**Removal**
+
+The OpenAPI 2.0 Swagger API documentation was removed in favor of the existing
+OpenAPI 3.0 API documentation page.
+
+*Note*: The API has not changed in any way and behaves the same between OAPI2 and OAPI3

docs/content/en/integrations/api-v2-docs.md

@@ -16,11 +16,8 @@ Docs link on the user drop down menu in the header.
 
 ![image](../../images/api_v2_1.png)
 
-The documentation is generated using [Django Rest Framework
-Yet Another Swagger Generator](https://github.com/axnsan12/drf-yasg/), and is
-interactive. On the top of API v2 docs is a link that generates an OpenAPI v2 spec.
-
-As a preparation to move to OpenAPIv3, we have added an compatible spec and documentation at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/)
+The documentation is generated using [drf-spectacular](https://drf-spectacular.readthedocs.io/) at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/), and is
+interactive. On the top of API v2 docs is a link that generates an OpenAPI v3 spec.
 
 To interact with the documentation, a valid Authorization header value
 is needed. Visit the `/api/key-v2` view to generate your

docs/content/en/usage/features.md

@@ -557,6 +557,9 @@ Product Type Counts
 
     ![Product Type Counts](../../images/met_2.png)
 
+Product Tag Counts
+:   Same as above, but for a group of products sharing a tag.
+
 Simple Metrics
 :   Provides tabular data for all Product Types. The data displayed in
     this view is the total number of S0, S1, S2, S3, S4, Opened This

docs/package.json

@@ -1,6 +1,6 @@
 {
   "devDependencies": {
-    "postcss": "8.4.34",
+    "postcss": "8.4.35",
     "autoprefixer": "10.4.17",
     "postcss-cli": "11.0.0"
   }

dojo/api_v2/mixins.py

@@ -1,7 +1,6 @@
 from django.db import DEFAULT_DB_ALIAS
 from django.contrib.admin.utils import NestedObjects
 from drf_spectacular.utils import extend_schema
-from drf_yasg.utils import swagger_auto_schema
 from rest_framework.decorators import action
 from rest_framework import status
 from rest_framework.authtoken.models import Token
@@ -17,10 +16,6 @@ class DeletePreviewModelMixin:
             status.HTTP_200_OK: serializers.DeletePreviewSerializer(many=True)
         },
     )
-    @swagger_auto_schema(
-        method="get",
-        responses={"default": serializers.DeletePreviewSerializer(many=True)},
-    )
     @action(detail=True, methods=["get"], filter_backends=[], suffix="List")
     def delete_preview(self, request, pk=None):
         object = self.get_object()

dojo/api_v2/prefetch/__init__.py

@@ -1,4 +1,3 @@
 from .mixins import PrefetchListMixin, PrefetchRetrieveMixin
-from .schema import get_prefetch_schema
 
-__all__ = ["PrefetchListMixin", "PrefetchRetrieveMixin", "get_prefetch_schema"]
+__all__ = ["PrefetchListMixin", "PrefetchRetrieveMixin"]