Bump boto3 from 1.35.2 to 1.35.5

[dependabot]

Bumps boto3 from 1.35.2 to 1.35.5.

Commits

• 07b20a3 Merge branch 'release-1.35.5'
• dfe6eee Bumping version to 1.35.5
• f992cb9 Add changelog entries from botocore
• 6775096 Merge branch 'release-1.35.4'
• b3fc22c Merge branch 'release-1.35.4' into develop
• 2addded Bumping version to 1.35.4
• 100ab89 Add changelog entries from botocore
• 2ad7f06 Merge branch 'release-1.35.3'
• 18867b0 Merge branch 'release-1.35.3' into develop
• 981c83a Bumping version to 1.35.3
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
boto3	[< 1.25, > 1.24.55]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code change updates the boto3 library version from 1.35.2 to 1.35.5 in the requirements.txt file of the DefectDojo application, which is a routine dependency update that does not appear to introduce any significant security concerns.

Expand for full summary

Summary:

The provided code change is a modification to the requirements.txt file, which is a file used to manage the dependencies of a Python-based application, in this case, the DefectDojo application. The key change in the patch is the update of the boto3 library version from 1.35.2 to 1.35.5. This library is required for the Celery Broker AWS (SQS) support in the application.

From an application security perspective, this change is not particularly interesting, as it is simply a version update to a dependency. However, it is still important to review dependency updates to ensure that they do not introduce any known security vulnerabilities. In this case, the update to boto3 version 1.35.5 is likely a minor version update that does not contain any significant security fixes. Overall, this code change appears to be a routine dependency update, and there are no obvious security concerns based on the information provided.

Files Changed:

• requirements.txt: The version of the boto3 library has been updated from 1.35.2 to 1.35.5. This library is required for the Celery Broker AWS (SQS) support in the DefectDojo application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[cneill]

@dependabot rebase

[dependabot]

Superseded by #10816.