Bump boto3 from 1.35.20 to 1.35.21

[dependabot]

Bumps boto3 from 1.35.20 to 1.35.21.

Commits

• abf29a7 Merge branch 'release-1.35.21'
• e5cee57 Bumping version to 1.35.21
• 16ae858 Add changelog entries from botocore
• 38f89a4 Merge branch 'release-1.35.20' into develop
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
boto3	[< 1.25, > 1.24.55]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided text summarizes a code change in the requirements.txt file that updates the boto3 library from version 1.35.20 to 1.35.21, which is required for Celery Broker AWS (SQS) support in the DefectDojo application, and emphasizes the importance of thoroughly testing the application after any dependency updates to ensure that the changes do not introduce any regressions or new security issues.

Expand for full summary

Summary:

The code change in the provided requirements.txt file is an update to the boto3 library from version 1.35.20 to 1.35.21. This library is required for Celery Broker AWS (SQS) support, which is a feature used in the DefectDojo application. From an application security perspective, this change is not particularly interesting, as updating dependencies to their latest versions is generally a good practice to help address known security vulnerabilities. However, it's important to thoroughly test the application after any dependency updates to ensure that the changes do not introduce any regressions or introduce new security issues.

One thing to note is that the requirements.txt file contains a large number of dependencies, which can increase the attack surface of the application. It's a good practice to regularly review the dependencies and remove any that are no longer needed or are not being actively maintained. Additionally, it's important to ensure that all dependencies are up-to-date and that any known security vulnerabilities are addressed.

Files Changed:

• requirements.txt: The changes in this file update the boto3 library from version 1.35.20 to 1.35.21. This library is required for Celery Broker AWS (SQS) support, which is a feature used in the DefectDojo application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[mtesauro]

Approved