Direct Renovate to ignore MySQL and RabbitMQ packages #10511
Signed-off-by: DefectDojo <[email protected]>
….36.0-2.37.0-dev Release: Merge back 2.36.0 into dev from: master-into-dev/2.36.0-2.37.0-dev
…rt.yaml) (DefectDojo#10461) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 4.6.0 to 4.7.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](python-gitlab/python-gitlab@v4.6.0...v4.7.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…efectDojo#10466) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.135 to 1.34.136. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.34.135...1.34.136) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [django-test-migrations](https://github.com/wemake-services/django-test-migrations) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/wemake-services/django-test-migrations/releases) - [Changelog](https://github.com/wemake-services/django-test-migrations/blob/master/CHANGELOG.md) - [Commits](wemake-services/django-test-migrations@1.3.0...1.4.0) --- updated-dependencies: - dependency-name: django-test-migrations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [openpyxl](https://openpyxl.readthedocs.io) from 3.1.4 to 3.1.5. --- updated-dependencies: - dependency-name: openpyxl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This reverts commit c8e1b09.
…efectDojo#10476) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.3.0 to 10.4.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.3.0...10.4.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2024.6.1 to 2024.7.1. - [Commits](tfranzel/drf-spectacular-sidecar@2024.6.1...2024.7.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [asteval](https://github.com/lmfit/asteval) from 0.9.33 to 1.0.0. - [Release notes](https://github.com/lmfit/asteval/releases) - [Commits](lmfit/asteval@0.9.33...1.0.0) --- updated-dependencies: - dependency-name: asteval dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.136 to 1.34.137. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.34.136...1.34.137) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Ruff: add Q001
* Ruff: fix Q001
* Ruff: add Q002
* Ruff: fix Q002
* Ruff: add Q003
* Ruff: fix Q003
* Ruff: add Q004
* Ruff: fix Q004
Co-authored-by: Matt Tesauro <[email protected]>
* add prowler v4 parser
* remove line
* fix typo
* add settings.dist.py although it's written that one should not touch it but use env vars
* add modified .settings.dist.py.sha256sum
* extend prowler v3 parser to parse also prowler v4 reports in oscf-json format
* update aws_prowler_v3.md
* revert settings
* add modified .settings.dist.py.sha256sum
* revert docker-compose.yml
* make ruff happy
* separate prowler v3 and v4 parsers
* renaming
* add prowler v4 parser
* remove line
* fix typo
* add settings.dist.py although it's written that one should not touch it but use env vars
* add modified .settings.dist.py.sha256sum
* extend prowler v3 parser to parse also prowler v4 reports in oscf-json format
* update aws_prowler_v3.md
* revert settings
* add modified .settings.dist.py.sha256sum
* make ruff happy
* separate prowler v3 and v4 parsers
* renaming
* Update helm lock file Signed-off-by: DefectDojo <[email protected]>
* make ruff happy

---------
Signed-off-by: DefectDojo <[email protected]>
Co-authored-by: DefectDojo <[email protected]>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.137 to 1.34.138. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.34.137...1.34.138) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

Note 🟢 Risk threshold not exceeded.

Change Summary: The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary: The provided code change is related to the configuration of the Renovate bot, which is a tool used for automatically managing dependencies in software projects. The changes made in this pull request include ignoring specific dependencies, such as From an application security perspective, the changes in this pull request do not appear to introduce any obvious security concerns. However, it's important to carefully consider the decision to ignore specific dependencies or file paths, as it could potentially lead to security vulnerabilities if important updates are missed. The ignored dependencies,

Files Changed:

Powered by DryRun Security
Approved
Closing to change the base branch...
Description
Since we have deprecated MySQL and RabbitMQ as of v2.36.0, this PR will remove them from the list of packages for which Renovate will open PRs for every version bump (as seen with e.g. #10502 #10510). This is part of our gradual removal of these packages now that they are no longer supported.
This PR should be reverted once these packages are totally removed.
Test results
N/A
Documentation
N/A