Bump python from 3.11.9-slim-bookworm to 3.13.0-slim-bookworm

[dependabot]

Bumps python from 3.11.9-slim-bookworm to 3.13.0-slim-bookworm.

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
python	[>= 3.9.a, < 3.10]

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dryrunsecurity]

DryRun Security Summary

The provided code changes update the base Docker images used for the DefectDojo application, including the Django-based backend and the Nginx-based frontend, with a focus on maintaining a secure and up-to-date foundation for the application.

Expand for full summary

Summary:

The provided code changes update the base Docker images used for the DefectDojo application, including the Django-based backend and the Nginx-based frontend. The key changes involve upgrading the Python version from 3.11.9 to 3.13.0, updating dependencies, and configuring the build and runtime environments for the application.

From an application security perspective, the changes appear to be focused on maintaining a secure and up-to-date foundation for the application. The use of secure base images, the management of dependencies, and the implementation of security best practices, such as static file handling and environment variable management, are all positive steps towards ensuring the overall security of the application.

However, it's crucial to thoroughly review the changes and ensure that the updated components do not introduce any new security vulnerabilities. This includes verifying the security of the new Python version, checking the dependencies for known vulnerabilities, and carefully reviewing the configuration settings to prevent any potential security issues.

Files Changed:

1. Dockerfile.django-debian: This file updates the base Python image from 3.11.9 to 3.13.0 and includes various optimizations and security-related practices, such as the use of a dedicated user, caching mechanisms, and entrypoint scripts.

2. Dockerfile.django-alpine: Similar to the Dockerfile.django-debian, this file updates the base Python image and includes security-focused practices, such as user management, dependency management, and entrypoint script handling.

3. Dockerfile.integration-tests-debian: This Dockerfile sets up an integration test environment based on the Python 3.13.0-slim-bookworm image. It includes the installation of Chrome, ChromeDriver, and various dependencies required for running integration tests. The security aspects to consider include the versioning and security of the installed components.

4. Dockerfile.nginx-alpine and Dockerfile.nginx-debian: These Dockerfiles update the base image for the Nginx-based frontend of the DefectDojo application. The changes focus on upgrading the Python version, managing dependencies, and configuring the Nginx web server to serve the application's static assets securely.

Overall, the provided code changes appear to be a routine update to the Dockerfiles used in the DefectDojo application, with a focus on maintaining a secure and up-to-date foundation. As an application security engineer, it's essential to thoroughly review the changes, ensure the security of the updated components, and monitor the application's security posture on an ongoing basis.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[Maffooch]

Holding on this until we are ready to go to python3.12 instead of making a jump

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[dependabot]

Superseded by #11390.