actions/download-artifact action from v to v #9575

Closed
wants to merge 8,824 commits into from


@renovate renovate bot commented Feb 17, 2024

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| actions/download-artifact | action | major | v3 -> v4 |

Release Notes

actions/download-artifact (actions/download-artifact)

v4



Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

DefectDojo release bot and others added 30 commits January 2, 2024 18:31
…0-dev

Release: Merge back 2.30.0 into dev from: master-into-dev/2.30.0-2.31.0-dev
Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9240)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…github/workflows/k8s-tests.yml) (#9257)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…31.0-dev

Release: Merge back 2.30.0 into bugfix from: master-into-bugfix/2.30.0-2.31.0-dev
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🐛 fix zap, issue #9242

* adapt indentation
* Add Announcement to API

* Add test_rest_framework

* Add test_swagger_schema

* Flake8

* Fix count

* Skip test

* Inc db_mig

* Use DojoModelViewSet

* inc db_mig
* feat: add auditlog retention

* linting: satisfy flake8

* fix: forgot imports in tasks.py

* fix: add necessary test-data

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <[email protected]>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <[email protected]>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <[email protected]>

* Update dojo/tasks.py

Co-authored-by: kiblik <[email protected]>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <[email protected]>

* Update test_flush_auditlog.py

removed spaces

* fix: change default value for the retention period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/changes this parameter

---------

Co-authored-by: MarianG <[email protected]>
Co-authored-by: kiblik <[email protected]>
* feat: add cvss value to finding and only overwrite values if not already set

This is because of XML Report Layout of Qualys. It has CVSS Values on concrete Finding and in the Knowledgebase. The values in the concrete Finding are more accurate and are parsed at first. It would be much better to stick with those values and only use the ones from the Knowledgebase if CVSS values from concrete finding are missing

* linting: flake8

* feat: add unit-test for cvss_score field

* remove unnecessary loop

Co-authored-by: Charles Neill <[email protected]>

* Update test_qualys_parser.py for linting

---------

Co-authored-by: MarianG <[email protected]>
Co-authored-by: Charles Neill <[email protected]>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.11 to 1.34.12.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.11...1.34.12)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9281)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](package-url/packageurl-python@v0.13.1...v0.13.2)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.34.12 to 1.34.13.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.12...1.34.13)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ocker-compose.yml) (#9283)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…PI endpoints (#8707)

* Set Development default environment (new import)

* fix flake8 issue

* Trivy parser includes causeMetadata in findings description

* Fix System Settings Required Fields Jira

* remove print

* flake code

* merge

* merge

* Add apply tags to findings to importer and reimporter functions

* fix changes

* Added to import scan and reimport scan functions the apply tags parameter

* fix validations

* remove default true in importscan serializer

* fix error in testing tags

* added apply tag to findings parameter to UI

* removed unnecessary lines

---------

Co-authored-by: Felix Hernandez <[email protected]>
Release: Merge release into master from: release/2.30.1
…31.0-dev

Release: Merge back 2.30.1 into bugfix from: master-into-bugfix/2.30.1-2.31.0-dev
…0-dev

Release: Merge back 2.30.1 into dev from: master-into-dev/2.30.1-2.31.0-dev
…ml) (#9288)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 17, 2024

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

| Status | DryRun Security Check |
| --- | --- |
| | Sensitive Functions Analyzer |
| | Configured Sensitive Files Analyzer |
| | Sensitive Files Analyzer |

Chat with your AI-powered Security Buddy by typing @dryrunsecurity followed by your question into a comment.
Example: @dryrunsecurity What are common security issues with web application cookies?

Install and configure more repositories at DryRun Security


dsever commented Mar 5, 2024


dryrunsecurity bot commented Mar 5, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Configured Codepaths Analyzer | | 0 findings |
| AppSec Analyzer | | 0 findings |
| Secrets Analyzer | | 0 findings |
| Authn/Authz Analyzer | | 0 findings |
| Sensitive Files Analyzer | | 1 finding |

Note

🟢 Risk threshold not exceeded.

Powered by DryRun Security


renovate bot commented Mar 5, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@mtesauro mtesauro force-pushed the renovate/major-github-artifact-actions branch from eb9ba56 to 6af2d6e Compare April 25, 2024 14:39

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added docker New Migration Adding a new migration file. Take care when merging. settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 docs unittests integration_tests ui parser helm localization labels Apr 25, 2024
@mtesauro mtesauro closed this Apr 25, 2024
@mtesauro mtesauro reopened this Apr 25, 2024

renovate bot commented Apr 25, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot closed this Apr 25, 2024
@renovate renovate bot deleted the renovate/major-github-artifact-actions branch April 25, 2024 19:23
@mtesauro mtesauro changed the title Update actions/download-artifact action from v3 to v4 (.github/workflows/rest-framework-tests.yml) Update actions/download-artifact action from v to v (.github/workflows/rest-framework-tests.yml) Apr 25, 2024
@mtesauro mtesauro changed the title Update actions/download-artifact action from v to v (.github/workflows/rest-framework-tests.yml) actions/download-artifact action from v to v Apr 25, 2024
Labels
apiv2 conflicts-detected dependencies Pull requests that update a dependency file docker docs helm integration_tests localization New Migration Adding a new migration file. Take care when merging. parser settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR ui unittests