Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Helm release mysql (helm/defectdojo/Chart.yaml) #10499

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 2, 2024

Mend Renovate

This PR contains the following updates:

Package Update Change
mysql (source) minor ~9.19.0 -> ~9.23.0
mysql major 5.7.44 -> 9.0.0

Release Notes

bitnami/charts (mysql)

v9.23.0

  • [bitnami/mysql] feat: ✨ 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#​2 (51beaf0), closes #​24128

v9.22.0

v9.21.2

v9.21.1


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 2, 2024
Copy link

dryrunsecurity bot commented Jul 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
SQL Injection Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request primarily involve updating the dependency versions used in the DefectDojo Helm chart and the Docker Compose file. While these changes do not directly introduce security vulnerabilities, they should be reviewed carefully to ensure that the application remains secure and compatible with the updated dependencies.

The key changes include:

  1. Updating the MySQL Helm chart dependency version from ~9.19.0 to ~9.23.0.
  2. Updating the PostgreSQL Helm chart dependency version from 15.5.11 to 15.5.12.
  3. Updating the MySQL database image version from 5.7.44 to 9.0.0 in the Docker Compose file.

As an application security engineer, I would recommend the following:

  1. Review the release notes and security bulletins for the updated MySQL and PostgreSQL Helm chart versions to ensure there are no known security vulnerabilities or breaking changes that could impact the DefectDojo application.
  2. Thoroughly test the application with the updated database version to verify compatibility and functionality.
  3. Ensure that the database version change is applied consistently across all environments (development, staging, production) to maintain environmental consistency.
  4. Monitor the application and the updated dependencies for any security-related issues that may arise in the future and address them promptly.

Overall, the changes appear to be routine maintenance updates, but it's important to review them carefully to maintain the security and stability of the DefectDojo application.

Files Changed:

  1. helm/defectdojo/Chart.yaml: The MySQL dependency version has been updated from ~9.19.0 to ~9.23.0.
  2. helm/defectdojo/Chart.lock: The MySQL dependency version has been updated from 9.19.1 to 9.23.0, and the PostgreSQL dependency version has been updated from 15.5.11 to 15.5.12.
  3. docker-compose.yml: The MySQL database image version has been updated from 5.7.44 to 9.0.0.

Powered by DryRun Security

@mtesauro
Copy link
Contributor

mtesauro commented Jul 2, 2024

MySQL was deprecated in 2.36.0

@mtesauro mtesauro closed this Jul 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file docker helm
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant