Release: Merge back 2.38.2 into bugfix from: master-into-bugfix/2.38.2-2.39.0-dev #10920

Merged: 3 commits merged on Sep 16, 2024


github-actions[bot]
Contributor

Release triggered by rossops

DefectDojo release bot and others added 3 commits September 16, 2024 18:29

dryrunsecurity bot commented Sep 16, 2024

DryRun Security Summary

The changes in this GitHub Pull Request involve updating the version numbers in two files, dojo/__init__.py and helm/defectdojo/Chart.yaml, which appear to be routine version updates without any obvious security vulnerabilities.


Summary:

The changes in this GitHub Pull Request are focused on updating the version numbers in two different files: dojo/__init__.py and helm/defectdojo/Chart.yaml. These changes appear to be routine version updates and do not introduce any obvious security vulnerabilities.

In the dojo/__init__.py file, the version number has been updated from "2.38.1" to "2.38.2", which is a minor version increment. This type of update typically indicates a bug fix or a small feature addition, and it does not directly impact the security of the application.

Similarly, the helm/defectdojo/Chart.yaml file has been updated to reflect a change in the version of the DefectDojo Helm chart, from 1.6.150-dev to 1.6.151-dev. Again, this is a minor version increment and does not directly impact the security of the DefectDojo application itself.

However, as an application security engineer, it's important to review the project's release notes or changelog to understand the nature of the changes and ensure that there are no security-related updates included in this release. Additionally, it's recommended to regularly review the project's dependencies and their versions to ensure that any known vulnerabilities are addressed.

Files Changed:

  1. dojo/__init__.py:

    • The version number in the __version__ variable has been updated from "2.38.1" to "2.38.2".
    • No other changes have been made to the code.
    • The file contains import statements and some global variables, including the __url__ and __docs__ variables, which provide the GitHub repository URL and the documentation URL for the project, respectively.
  2. helm/defectdojo/Chart.yaml:

    • The version of the DefectDojo Helm chart has been updated from 1.6.150-dev to 1.6.151-dev.
    • This is a minor version increment, which typically indicates a bug fix or a small feature addition.
    • The Helm chart includes dependencies on PostgreSQL, PostgreSQL-HA, and Redis, which should be regularly reviewed for any security vulnerabilities or updates.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@rossops rossops closed this Sep 16, 2024
@rossops rossops reopened this Sep 16, 2024
@github-actions github-actions bot added the helm label Sep 16, 2024
@rossops rossops merged commit cded3cf into bugfix Sep 16, 2024
71 checks passed
@Maffooch Maffooch deleted the master-into-bugfix/2.38.2-2.39.0-dev branch September 16, 2024 19:57