Release: Merge back 2.36.0 into dev from: master-into-dev/2.36.0-2.37.0-dev #10485

Merged
merged 4 commits into from
Jul 1, 2024

@github-actions github-actions bot commented Jul 1, 2024

Release triggered by Maffooch

DefectDojo release bot and others added 3 commits July 1, 2024 15:04

dryrunsecurity bot commented Jul 1, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Server-Side Request Forgery Analyzer | | 0 findings |
| Configured Codepaths Analyzer | | 0 findings |
| IDOR Analyzer | | 0 findings |
| Sensitive Files Analyzer | | 1 finding |
| SQL Injection Analyzer | | 0 findings |
| Authn/Authz Analyzer | | 0 findings |
| Secrets Analyzer | | 0 findings |

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request primarily consist of version updates to the DefectDojo application and its associated Helm chart. The updates include:

  1. Updating the "defectdojo" package version in the package.json file from "2.36.0-dev" to "2.37.0-dev".
  2. Updating the version in the dojo/__init__.py file from "2.36.0-dev" to "2.37.0-dev".
  3. Adding a new documentation file docs/content/en/getting_started/upgrading/2.37.md for upgrading to DefectDojo version 2.37.x.
  4. Updating the PostgreSQL dependency in the helm/defectdojo/Chart.lock file from version 15.5.9 to 15.5.11.
  5. Updating the DefectDojo Helm chart to version 1.6.138-dev and the application version to 2.37.0-dev in the helm/defectdojo/Chart.yaml file.

From an application security perspective, these changes do not raise any immediate concerns. Version updates are a normal part of software development and maintenance, and they typically do not introduce security vulnerabilities on their own. However, it's important to review the release notes or changelogs for the new versions to understand if there are any security-related bug fixes or improvements included in the updates.

Additionally, it's crucial to ensure that all dependencies, including the PostgreSQL chart and other components used by the DefectDojo application, are kept up-to-date and secure. Regularly monitoring for security advisories and updating the application accordingly is essential for maintaining a secure and robust application.

Files Changed:

  1. components/package.json: The version of the "defectdojo" package has been updated from "2.36.0-dev" to "2.37.0-dev".
  2. dojo/__init__.py: The version has been updated from "2.36.0-dev" to "2.37.0-dev".
  3. docs/content/en/getting_started/upgrading/2.37.md: A new documentation file has been added for upgrading to DefectDojo version 2.37.x.
  4. helm/defectdojo/Chart.lock: The PostgreSQL dependency has been updated from version 15.5.9 to 15.5.11.
  5. helm/defectdojo/Chart.yaml: The DefectDojo Helm chart has been updated to version 1.6.138-dev, and the application version has been updated to 2.37.0-dev.

Powered by DryRun Security

Signed-off-by: DefectDojo <[email protected]>
@Maffooch Maffooch closed this Jul 1, 2024
@Maffooch Maffooch reopened this Jul 1, 2024
@Maffooch Maffooch merged commit f3b6aa1 into dev Jul 1, 2024
123 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.36.0-2.37.0-dev branch July 1, 2024 16:24