actions/download-artifact action from v3 to v4 #9575
…0-dev Release: Merge back 2.30.0 into dev from: master-into-dev/2.30.0-2.31.0-dev
Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9240) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1. - [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…github/workflows/k8s-tests.yml) (#9257) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…31.0-dev Release: Merge back 2.30.0 into bugfix from: master-into-bugfix/2.30.0-2.31.0-dev
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.1.0...10.2.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add Announcement to API
* Add test_rest_framework
* Add test_swagger_schema
* Flake8
* Fix count
* Skip test
* Inc db_mig
* Use DojoModelViewSet
* inc db_mig
* feat: add auditlog retention
* linting: satisfy flake8
* fix: forgot imports in tasks.py
* fix: add necessary test-data
* Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <[email protected]>
* Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <[email protected]>
* Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <[email protected]>
* Update dojo/tasks.py Co-authored-by: kiblik <[email protected]>
* Update unittests/test_flush_auditlog.py Co-authored-by: kiblik <[email protected]>
* Update test_flush_auditlog.py removed spaces
* fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/changes this parameter
---------
Co-authored-by: MarianG <[email protected]>
Co-authored-by: kiblik <[email protected]>
* feat: add cvss value to finding and only overwrite values if not already set This is because of XML Report Layout of Qualys. It has CVSS Values on concrete Finding and in the Knowledgebase. The values in the concrete Finding are more accurate and are parsed at first. It would be much better to stick with those values and only use the ones from the Knowledgebase if CVSS values from concrete finding are missing
* linting: flake8
* feat: add unit-test for cvss_score field
* remove unnecessary loop Co-authored-by: Charles Neill <[email protected]>
* Update test_qualys_parser.py for linting
---------
Co-authored-by: MarianG <[email protected]>
Co-authored-by: Charles Neill <[email protected]>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.11 to 1.34.12. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.11...1.34.12) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9281) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.13.1 to 0.13.2. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](package-url/packageurl-python@v0.13.1...v0.13.2) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.12 to 1.34.13. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.12...1.34.13) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ocker-compose.yml) (#9283) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…PI endpoints (#8707)
* Set Development default environment (new import)
* fix flake8 issue
* Trivy parser includes causeMetadata in findings description
* Fix System Settings Required Fields Jira
* remove print
* flake code
* merge
* merge
* Add apply tags to findings to importer and reimporter functions
* fix changes
* Added to import scan and reimport scan functions the apply tags parameter
* fix validations
* remove default true in importscan serializer
* fix error in testing tags
* added apply tag to findings parameter to UI
* removed unnecessary lines
---------
Co-authored-by: Felix Hernandez <[email protected]>
Release: Merge release into master from: release/2.30.1
…31.0-dev Release: Merge back 2.30.1 into bugfix from: master-into-bugfix/2.30.1-2.31.0-dev
…0-dev Release: Merge back 2.30.1 into dev from: master-into-dev/2.30.1-2.31.0-dev
…ml) (#9288) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Contextual Security Analysis
As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.
Adapt upload to v4
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note: 🟢 Risk threshold not exceeded. Powered by DryRun Security
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost.
eb9ba56 to 6af2d6e
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Renovate Ignore Notification
Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
v3 -> v4
Release Notes
actions/download-artifact (actions/download-artifact)
v4
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.