
Fix(django): Upgrade of 4.2.14 #10553

Merged: 1 commit merged into DefectDojo:dev on Jul 12, 2024

Conversation

@kiblik (Contributor) commented Jul 10, 2024

While waiting for the acceptance of #10409, it might be a good idea to upgrade Django at least to 4.2.14 to mitigate known issues: https://docs.djangoproject.com/en/5.0/releases/4.2.14/

This change is not offered by dependabot because it is monitoring only the latest versions (in running configuration).
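The gap kiblik points out (an update bot that only proposes the newest release overall will not propose 4.2.14 to a project pinned to the 4.2 line) can be caught with a small check in CI. The script below is an added example, not DefectDojo's code and not part of this PR: it parses exact `==` pins from a requirements file and reports any pin that is behind the newest final release of its own major.minor series, alongside the newest release overall so the two can be compared. The requirements fragment and the per-project release lists are constructed sample data; in a real run the release lists would be fetched per project from PyPI's JSON API (https://pypi.org/pypi/<project>/json, "releases" key), which the example deliberately does not do so that it runs offline.

```python
"""Flag exact pins that lag behind the newest patch release of their own series.

Added example (not DefectDojo code). SAMPLE_REQUIREMENTS and SAMPLE_RELEASES are
constructed sample data; real release lists would come from PyPI's JSON API.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed requirements fragment; versions mirror the ones discussed in the PR thread.
SAMPLE_REQUIREMENTS = """\
# pinned runtime dependencies (constructed sample, not the project's real file)
Django==4.2.13
djangorestframework==3.15.2
boto3>=1.34.142
asteval==1.0.1  # trailing comment
"""

# Constructed release lists keyed by normalised project name (stand-in for PyPI data).
SAMPLE_RELEASES: Dict[str, List[str]] = {
    "django": ["4.2.12", "4.2.13", "4.2.14", "5.0.6", "5.0.7", "5.1rc1"],
    "djangorestframework": ["3.14.0", "3.15.1", "3.15.2"],
    "boto3": ["1.34.142", "1.34.143"],
    "asteval": ["1.0.0", "1.0.1"],
}

# Only exact '==' pins with a plain dotted version are considered.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\d+(?:\.\d+)*)\s*$")
# Final releases only; pre-releases such as '5.1rc1' are skipped.
FINAL_RE = re.compile(r"^\d+(?:\.\d+)*$")


def normalize_name(name: str) -> str:
    """PEP 503 normalisation so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Version:
    return tuple(int(part) for part in text.split("."))


def format_version(version: Version) -> str:
    return ".".join(str(part) for part in version)


def parse_pins(requirements: str) -> Dict[str, Version]:
    """Return {normalised name: version} for every exact '==' pin.

    Range specifiers such as 'boto3>=1.34.142' are ignored on purpose: they are
    not pins, so a resolver already picks up newer releases for them.
    """
    pins: Dict[str, Version] = {}
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        match = PIN_RE.match(line)
        if match:
            pins[normalize_name(match.group(1))] = parse_version(match.group(2))
    return pins


def latest_in_series(pinned: Version, known: List[Version]) -> Optional[Version]:
    """Newest final release sharing the pinned major.minor (e.g. 4.2.x)."""
    same_series = [v for v in known if v[:2] == pinned[:2]]
    return max(same_series) if same_series else None


def lagging_pins(
    requirements: str, releases: Dict[str, List[str]]
) -> Dict[str, Tuple[str, str, str]]:
    """Map each lagging pin to (pinned, newest in its series, newest overall)."""
    report: Dict[str, Tuple[str, str, str]] = {}
    for name, pinned in parse_pins(requirements).items():
        known = [parse_version(v) for v in releases.get(name, []) if FINAL_RE.match(v)]
        if not known:
            continue  # unknown project or only pre-releases: nothing to compare against
        series_latest = latest_in_series(pinned, known)
        if series_latest is not None and series_latest > pinned:
            report[name] = (
                format_version(pinned),
                format_version(series_latest),
                format_version(max(known)),
            )
    return report


if __name__ == "__main__":
    for name, (pinned, series, overall) in lagging_pins(SAMPLE_REQUIREMENTS, SAMPLE_RELEASES).items():
        print(f"{name}: pinned {pinned}, {series} available in the same series "
              f"(newest overall {overall})")
```

Run as-is it reports only Django: 4.2.13 is pinned, 4.2.14 exists in the 4.2 series, and 5.0.7 is the newest overall, which is exactly the case a latest-only bot misses. Wiring the same check into CI with live PyPI data turns a missed LTS patch release into a failing job rather than something a contributor has to notice by hand.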


dryrunsecurity bot commented Jul 10, 2024

DryRun Security Summary

This pull request updates the Django version in the DefectDojo application's requirements.txt file, which is a positive change as it likely includes security fixes and improvements, and keeping dependencies up-to-date is an important security practice.


Summary:

This pull request updates the Django version from 4.2.13 to 4.2.14 in the requirements.txt file for the DefectDojo application. From an application security perspective, this is a positive change, as it likely includes security fixes and improvements. Keeping the application's dependencies up-to-date is an important security practice, as it helps mitigate known vulnerabilities. The requirements.txt file also contains a comprehensive list of the application's dependencies, including several security-related libraries, suggesting that the DefectDojo application is taking security seriously and incorporating various security measures into the project. Overall, this pull request appears to be a routine update to the application's dependencies, which is a good practice for maintaining the application's security and stability. However, it's always important to thoroughly review the changes and test the application to ensure that the update does not introduce any regressions or unintended consequences.

Files Changed:

  • requirements.txt: This file has been updated to change the Django version from 4.2.13 to 4.2.14. This is a positive change, as it likely includes security fixes and improvements, and keeping dependencies up-to-date is an important security practice.

Code Analysis

We ran 7 analyzers against 1 file and 1 analyzer had findings. 6 analyzers had no findings.

Analyzer findings: Sensitive Files Analyzer (1 finding)

Riskiness

🟢 Risk threshold not exceeded.


@kiblik kiblik changed the title Fix(django): Upgrade of 4.2 Fix(django): Upgrade of 4.2.14 Jul 10, 2024
@mtesauro (Contributor) left a comment


Approved

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik closed this Jul 11, 2024
@kiblik kiblik reopened this Jul 11, 2024
@mtesauro mtesauro merged commit cdbb35a into DefectDojo:dev Jul 12, 2024
236 of 237 checks passed
@kiblik kiblik deleted the django_4.2 branch July 12, 2024 22:03
mwager added a commit to mwager/django-DefectDojo that referenced this pull request Jul 16, 2024
… kiuwan-sca

# By dependabot[bot] (13) and others
# Via GitHub
* 'kiuwan-sca' of github.com:mwager/django-DefectDojo: (39 commits)
  Deprecate Python-jose and migrate okta to python_social_auth (DefectDojo#10117)
  fix: dockerfile warnings (DefectDojo#10505)
  Ruff: Add and fix Q000 (DefectDojo#10095)
  Fix(django): Upgrade of 4.2 (DefectDojo#10553)
  fix(deps): build python psycopg3 dependency instead of use the pre-build binary (DefectDojo#10491)
  Bump coverage from 7.5.4 to 7.6.0 (DefectDojo#10560)
  Bump asteval from 1.0.0 to 1.0.1 (DefectDojo#10561)
  Bump djangorestframework from 3.14.0 to 3.15.2 (DefectDojo#10431)
  Bump boto3 from 1.34.142 to 1.34.143 (DefectDojo#10558)
  Bump django-debug-toolbar from 4.4.5 to 4.4.6 (DefectDojo#10557)
  Bump boto3 from 1.34.141 to 1.34.142 (DefectDojo#10551)
  Bump packageurl-python from 0.15.2 to 0.15.3 (DefectDojo#10541)
  Bump boto3 from 1.34.140 to 1.34.141 (DefectDojo#10542)
  Update helm lock file
  Update versions in application files
  Update versions in application files
  API: Convert get_filterset calls to get_queryset (DefectDojo#10543)
  Bump django-debug-toolbar from 4.4.4 to 4.4.5 (DefectDojo#10527)
  Fix ruff
  Ruff fix
  ...

# Conflicts:
#	dojo/settings/.settings.dist.py.sha256sum
5 participants