Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Helm release mysql (helm/defectdojo/Chart.yaml) #10500

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 2, 2024

Mend Renovate

This PR contains the following updates:

Package Update Change
mysql (source) minor ~9.19.0 -> ~9.23.0
mysql major 5.7.44 -> 9.0.0

Release Notes

bitnami/charts (mysql)

v9.23.0

  • [bitnami/mysql] feat: ✨ 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#​2 (51beaf0), closes #​24128

v9.22.0

v9.21.2

v9.21.1


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 2, 2024
Copy link

dryrunsecurity bot commented Jul 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
SQL Injection Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes in this pull request primarily focus on updating the dependencies used in the DefectDojo application's Helm chart and the Docker Compose configuration.

The Helm chart changes involve updating the MySQL and PostgreSQL Helm chart dependencies to their latest versions. While these updates are generally a good security practice, it is essential to review the release notes and changelogs of the new versions to ensure there are no known security vulnerabilities or breaking changes that could impact the DefectDojo application.

The more significant change is the update to the Docker Compose configuration, which upgrades the MySQL database image from version 5.7.44 to 9.0.0. This version upgrade has several security and compatibility implications that require careful review and testing. Potential impacts include changes in database functionality, security patches, compatibility with the application stack, performance, and deployment considerations.

Overall, these changes appear to be routine updates to keep the application's dependencies up-to-date. However, it is crucial to thoroughly test the updated components in a non-production environment and review any security advisories or release notes to ensure the continued security and stability of the DefectDojo application.

Files Changed:

  1. helm/defectdojo/Chart.yaml: This file has been updated to use the latest version of the MySQL Helm chart dependency, from ~9.19.0 to ~9.23.0. This is a minor version update that typically includes bug fixes and improvements, but it's important to review the release notes to ensure there are no known security vulnerabilities.

  2. helm/defectdojo/Chart.lock: This file has been updated to reflect the changes in the Helm chart dependencies, including the MySQL chart version update from 9.19.1 to 9.23.0 and the PostgreSQL chart version update from 15.5.11 to 15.5.12. The digest value and generation timestamp have also been updated.

  3. docker-compose.yml: This file has been updated to use the MySQL database image version 9.0.0 instead of the previous 5.7.44 version. This is a significant version upgrade that requires careful review and testing to ensure compatibility, security, performance, and scalability of the DefectDojo application.

Powered by DryRun Security

@mtesauro
Copy link
Contributor

mtesauro commented Jul 2, 2024

MySQL was deprecated in 2.36.0

@mtesauro mtesauro closed this Jul 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file docker helm
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant