chore(deps): update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) #14222

Merged
mtesauro merged 1 commit into dev from renovate/renovatebot-renovate-43.x
Feb 3, 2026

@renovate renovate bot commented Feb 1, 2026

This PR contains the following updates:

Package Update Change
renovatebot/renovate major 42.92.5 → 43.2.5

Release Notes

renovatebot/renovate (renovatebot/renovate)

v43.2.5

Compare Source

Bug Fixes
  • gitlab: skip automerge retry when merge_when_pipeline_succeeds already set (#​39979) (0f54593)
Miscellaneous Chores

v43.2.4

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.12 (main) (#​40880) (e0d383c)

v43.2.3

Compare Source

Bug Fixes
  • workers: re-attempt platform automerge only in case of new commits (#​40028) (c396b58)

v43.2.2

Compare Source

Bug Fixes
Miscellaneous Chores
Build System

v43.2.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.10 (main) (#​40863) (179abe4)
Miscellaneous Chores

v43.2.0

Compare Source

Features

v43.1.0

Compare Source

Features

v43.0.10

Compare Source

Bug Fixes
Documentation
  • update references to renovate/renovate to v43.0.9 (main) (#​40836) (38ab16b)
  • update references to renovatebot/github-action to v46.0.1 (main) (#​40843) (8dfe853)
Miscellaneous Chores

v43.0.9

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.9 (main) (#​40833) (8797acc)

v43.0.8

Compare Source

Build System

v43.0.7

Compare Source

Code Refactoring
Build System

v43.0.6

Compare Source

Miscellaneous Chores
Build System

v43.0.5

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.8 (main) (#​40803) (a73b6e1)

v43.0.4

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.7 (main) (#​40801) (2b958f3)

v43.0.3

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.6 (main) (#​40795) (7394478)
Miscellaneous Chores

v43.0.2

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.5 (main) (#​40793) (00a1006)
Documentation

v43.0.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.1.4 (main) (#​40788) (1e4f4d3)
Documentation

v43.0.0

Compare Source

Breaking changes for 43

Allowlisting required for "unsafe commands" #​40684

[!NOTE]
This should only affect you if you work with repositories that have a Gradle Wrapper.

Prior to Renovate 43, when performing updates in a repository that used Gradle, Renovate would execute the Gradle Wrapper (./gradlew or gradlew.bat).

This is a well-documented "insider attack" risk that could lead to remote code execution in the context of the Renovate process, as execution of the Gradle buildscript:

  • is controlled by anyone with write access to the repository being processed
  • can look for specific tasks to execute specific code
  • can execute code from source-tracked scripts
  • can execute code from third-party libraries

This can occur during updates to the Gradle wrapper or using Gradle's Dependency Verification Metadata when updating Gradle dependencies.

As of Renovate 43, this long-standing risk is disabled by default to make Renovate more "secure by default".

Self-hosted administrators can re-enable this using the global self-hosted configuration allowedUnsafeExecutions.

postUpgradeTasks will no longer run with shell mode by default #​40230

As noted in #​40403 and GHSA-pfq2-hh62-7m96, existing access to a repository could lead to remote code execution due to incorrectly quoted shell commands.

The fix for GHSA-pfq2-hh62-7m96 applied to commands invoked by Renovate, but did not cover postUpgradeTasks, which are allowlisted by a self-hosted administrator.

To provide a safer default, commands that run through postUpgradeTasks will no longer run inside a shell.

Self-hosted administrators can re-enable this using the global self-hosted configuration allowShellExecutorForPostUpgradeCommands=true.

binarySource=docker is officially deprecated #​40735

As noted in #​40747, we have now officially deprecated the binarySource=docker option.

There is no timeline decided on the removal of the functionality.

For more details and/or to provide feedback on your use case and why binarySource=install does not work for you, please see #​40747.

Renovate now ships as ESM (ECMAScript Modules) #​9890 / #​40756

This should not affect users, only cases where Renovate is imported as a library. Given our previous support of Node 22, ESM can still be imported from Common JS (CJS) files.

Out of caution and for visibility, this is part of the major release.

config:best-practices will now perform weekly lockfile maintenance #​40735

As part of the Renovate maintainers' opinionated "best practices" configuration, Renovate will now perform a weekly lockfile maintenance task, keeping your lockfiles updated.

This is due to an increase in package managers using lock files, but users not necessarily being aware of the need to enable this explicitly.

If this is not applicable to you, you can use ignorePresets, i.e.

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:best-practices"
  ],
  "ignorePresets": [
    ":maintainLockFilesWeekly"
  ]
}

JSON Schema split for repo or global configuration #​38619

Renovate now has separate JSON Schemas for repository configuration, repository configuration (and inherit config) for writing org-inherited-config.json, and global self-hosted configuration:

This provides better validation for your editor/agent, as you now only see documentation for the relevant configuration type you're writing.

You can read more in the Renovate JSON Schema documentation.

This does not affect renovate-config-validator.

Replacements cannot be grouped with other updates #​40758

To prevent replacements being grouped in with other updates, which can sometimes lead to them failing to correctly replace a package, they will no longer be grouped.

This may lead to some PRs being modified/created when you upgrade to this version of Renovate.

Lock file maintenance cannot be grouped with other updates #​40781

To prevent lock file maintenance being grouped in with other updates, which can sometimes lead to them failing to perform the lock file maintenance.

This may lead to some PRs being modified/created when you upgrade to this version of Renovate.

Use wasm-java build of Bouncy Castle #​40678

To improve performance for encryption/decryption of secrets, as well as supporting AEAD, we have moved the default Bouncy Castle build to use wasm-java.

Renovate now requires a minimum of Node 24 #​40675

The existing requirement of Node 24.11.0 has not changed.

This only drops support for Node 22.x.

Package name for Node.JS in Mise has changed to node #​40466

To be more consistent with other package managers, the Node.JS package has been renamed to node.

This ensures that updates to NodeJS (when using Mise) are grouped with other package updates.

The useCloudMetadataServices configuration is now environment variable only #​40638

As a first step towards solving #​38604, we have migrated this configuration option to being environment variable configuration only.

Note that technically Renovate will still detect it if it's set in a config.js, but with changes in #​38604 it will not affect the execution.

Default tool version updates #​39100

For users of the upstream Renovate container images, the following tools have been updated to new major versions:

Tool Version
Bundler 4.0.4
Dotnet 10.0.102
Helm v4.1.0
PHP 8.5.2
Pipenv 2026.0.3
Ruby 4.0.1

Commentary for 43

There aren't any big changes as part of this release to call out - this is a fairly "routine" major version, where we're doing a little cleanup, making some improvements to be "secure by default", and updating our default tool versions.

Deprecations

As part of this release, we want to make you aware of deprecated features which will be removed as of Renovate 44:

⚠ BREAKING CHANGES
  • deps: Update ghcr.io/renovatebot/base-image Docker tag to v13 (main) (#​40730)
  • prevent grouping of lockfile maintenance updates (#​40781)
  • Switch to ESM modules (#​40756)
  • prevent grouping of replacement updates (#​40758)
  • config: deprecate binarySource=docker (#​40754)
  • presets: add maintainLockFilesWeekly to best-practices preset (#​40735)
  • config: make useCloudMetadataServices environment-only (#​40638)
  • self-hosted: don't allow any unsafe commands by default (#​40684)
  • self-hosted: don't use shell: true for postUpgradeTasks (#​40230)
  • json-schema: forbid global-only options in repo configuration (#​38619)
  • presets: add hostType=github to :githubComToken (#​38975)
  • use wasm-java build of Bouncy Castle (#​40678)
  • mise: rename packageName from nodejs to node (#​40466)
  • require node v24 (#​40675)
Features
Bug Fixes
Documentation
  • add announcement bar for v43 (93423cf)
Miscellaneous Chores

v42.95.4

Compare Source

Build System

v42.95.3

Compare Source

Bug Fixes
Miscellaneous Chores

v42.95.2

Compare Source

Bug Fixes
  • onboardingAutoCloseAge: don't allow higher inherited value than global (#​40810) (ffb95ed)
Build System
  • trim channel for docker builds (cd27b1d)

v42.95.1

Compare Source

Bug Fixes
Miscellaneous Chores
  • deps: update containerbase/internal-tools action to v4.0.3 (main) (#​40783) (b2e1382)
Continuous Integration

v42.95.0

Compare Source

Features
  • sidecar: use renovatebot/base-image instead of containerbase/sidecar (#​40772) (cd0426b)
Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.31.2 (main) (#​40776) (dbe0cf7)
Build System

v42.94.7

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.31.2 (main) (#​40773) (f1790af)

v42.94.6

Compare Source

Bug Fixes

v42.94.5

Compare Source

Bug Fixes

v42.94.4

Compare Source

Build System

v42.94.3

Compare Source

Bug Fixes
Miscellaneous Chores
Code Refactoring

v42.94.2

Compare Source

Bug Fixes
  • config/validation: show deprecationMsg as a warning if present (#​40753) (e049e56)
Miscellaneous Chores
  • deps: update containerbase/internal-tools action to v4 (main) (#​40750) (60d733a)
Code Refactoring
Tests

v42.94.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.31.1 (main) (#​40749) (fa7e075)
Code Refactoring

v42.94.0

Compare Source

Features
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.31.0 (main) (#​40746) (ebfbcfd)
Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.26.7 (main) (#​40745) (592bf20)
Documentation
  • correct references to binarySource=install for Mend-hosted (#​40740) (783002c)
Miscellaneous Chores
  • deps: update containerbase/internal-tools action to v3.15.0 (main) (#​40732) (b0f4ec3)
  • deps: update dependency tar to v7.5.6 (main) (#​40739) (f29e971)
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v14.0.1 (main) (#​40741) (67964c8)

v42.93.1

Compare Source

Bug Fixes
  • datasource/docker: treat empty string as no architecture (#​40715) (1db6be0)

v42.93.0

Compare Source

Features
Documentation
Miscellaneous Chores

v42.92.14

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.30.4 (main) (#​40721) (33b0fcd)
Code Refactoring

v42.92.13

Compare Source

Bug Fixes
  • gradle-wrapper: don't execute when allowedUnsafeExecutions (#​40719) (3e70904)

v42.92.12

Compare Source

Bug Fixes

v42.92.11

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.30.3 (main) (#​40711) (c72d818)
Miscellaneous Chores
  • deps: update dependency eslint-plugin-oxlint to v1.41.0 (main) (#​40707) (4d8e18a)
Code Refactoring

v42.92.10

Compare Source

Bug Fixes
Documentation
Miscellaneous Chores

v42.92.9

Compare Source

Bug Fixes
  • sbt: consider html hrefs in absolute and root-relative format (#​39464) (e5c2caa)

v42.92.8

Compare Source

Miscellaneous Chores
  • deps: update dependency typescript-eslint to v8.53.1 (main) (#​40698) (3106c46)
Code Refactoring
Build System

v42.92.7

Compare Source

Bug Fixes

v42.92.6

Compare Source

Bug Fixes
Miscellaneous Chores
Build System

Configuration

📅 Schedule: Branch creation - Only on Sunday ( * * * * 0 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
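
The v43 breaking changes listed in the release notes above, turned into a pre-upgrade check for a self-hosted configuration. This is an added example, not code from Renovate or from this repository; it assumes the configuration is available as a plain object, the shell-metacharacter test is a heuristic, and the finding ids and the sample configuration are constructed.

```javascript
// Added example (not Renovate's code): heuristic audit of a self-hosted
// Renovate config against the v43 defaults described in the release notes.

// Characters that only have meaning when a shell parses the command line.
const SHELL_SYNTAX = /[|&;<>$`*?~()]/;

// Walk the whole config (top level, packageRules, nested objects) and
// return every postUpgradeTasks.commands entry together with its path.
function collectPostUpgradeCommands(node, path = '$', out = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => collectPostUpgradeCommands(item, `${path}[${i}]`, out));
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      if (key === 'postUpgradeTasks' && value && Array.isArray(value.commands)) {
        value.commands.forEach((command, i) =>
          out.push({ path: `${path}.postUpgradeTasks.commands[${i}]`, command }));
      } else {
        collectPostUpgradeCommands(value, `${path}.${key}`, out);
      }
    }
  }
  return out;
}

function auditForV43(config) {
  const findings = [];
  const shellOptIn = config.allowShellExecutorForPostUpgradeCommands === true;
  const unsafe = config.allowedUnsafeExecutions;

  // Any entry here re-enables execution of repository-controlled code.
  if (Array.isArray(unsafe) && unsafe.length > 0) {
    findings.push({ id: 'unsafe-executions-allowed', path: '$.allowedUnsafeExecutions',
      detail: `opted back in to: ${unsafe.join(', ')}` });
  }
  // The admin has restored shell mode for postUpgradeTasks.
  if (shellOptIn) {
    findings.push({ id: 'shell-executor-enabled',
      path: '$.allowShellExecutorForPostUpgradeCommands',
      detail: 'postUpgradeTasks commands are parsed by a shell again' });
  }
  if (config.binarySource === 'docker') {
    findings.push({ id: 'binary-source-docker-deprecated', path: '$.binarySource',
      detail: 'deprecated in v43; no removal timeline decided' });
  }
  // Commands with shell syntax either change behaviour under the v43 default
  // (no shell) or keep depending on shell parsing if the admin opted back in.
  for (const { path, command } of collectPostUpgradeCommands(config)) {
    if (typeof command === 'string' && SHELL_SYNTAX.test(command)) {
      findings.push({
        id: shellOptIn ? 'shell-syntax-runs-in-shell' : 'shell-syntax-without-shell',
        path, detail: command });
    }
  }
  return findings;
}

// Constructed sample config, for illustration only.
const sampleConfig = {
  binarySource: 'docker',
  allowedUnsafeExecutions: [],
  postUpgradeTasks: { commands: ['npm run format'] },
  packageRules: [
    { matchManagers: ['npm'],
      postUpgradeTasks: { commands: ['npm ci && npm run build > build.log'] } },
  ],
};

for (const f of auditForV43(sampleConfig)) {
  console.log(`${f.id}\t${f.path}\t${f.detail}`);
}
```
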

@renovate renovate bot requested a review from Maffooch as a code owner February 1, 2026 01:12
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 1, 2026
@renovate renovate bot requested a review from mtesauro as a code owner February 1, 2026 01:12
@mtesauro mtesauro left a comment

Approved

@renovate renovate bot force-pushed the renovate/renovatebot-renovate-43.x branch 5 times, most recently from f5840cd to 054476c Compare February 2, 2026 13:54
@renovate renovate bot changed the title Update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) chore(deps): update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) Feb 2, 2026
@renovate renovate bot changed the title chore(deps): update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) Update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) Feb 2, 2026
@renovate renovate bot force-pushed the renovate/renovatebot-renovate-43.x branch from 054476c to 5031409 Compare February 2, 2026 16:46
@renovate renovate bot changed the title Update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) chore(deps): update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) Feb 3, 2026
@renovate renovate bot force-pushed the renovate/renovatebot-renovate-43.x branch from 5031409 to 3f3d18b Compare February 3, 2026 10:33
@renovate renovate bot force-pushed the renovate/renovatebot-renovate-43.x branch from 3f3d18b to dbda2ce Compare February 3, 2026 12:27
@mtesauro mtesauro merged commit 8088268 into dev Feb 3, 2026
150 checks passed
valentijnscholten pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 5, 2026
…43 (.github/workflows/renovate.yaml) (DefectDojo#14222)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
fopina pushed a commit to fopina/django-DefectDojo that referenced this pull request Feb 16, 2026
…43 (.github/workflows/renovate.yaml) (DefectDojo#14222)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
mtesauro added a commit that referenced this pull request Feb 17, 2026
* Update dependency @tabler/icons from 3.36.0 to v3.36.1 (docs/package.json) (#14023)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump celery from 5.6.0 to 5.6.1 (#14005)

Bumps [celery](https://github.com/celery/celery) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.6.0...v5.6.1)

---
updated-dependencies:
- dependency-name: celery
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) (#14008)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix: remove unnecessary blank line in sanitize_vulnerability_ids function

* Update versions in application files

* use celery[sqs] bundle (#14004)

* Update versions in application files

* Update versions in application files

* announcements: catch exceptions

* chore(deps): bump django-polymorphic from 4.5.2 to 4.6.0 (#14030)

Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.5.2 to 4.6.0.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-polymorphic/compare/v4.5.2...v4.6.0)

---
updated-dependencies:
- dependency-name: django-polymorphic
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update migration notes for django-pghistory (#14043)

Clarify the migration process for django-pghistory tables.

* fix front matter in PingCastle docs (#14036)

* :lipstick: Add output description reference to google cloud artifactory scan (#14038)

* remove dojo_model_to/from_id decorator (#13984)

* remove dojo_model_to/from_id decorator

* remove dojo_model_from/to_id

* remove dojo_model_from/to_id

* remove dojo_model_from/to_id

* remove dojo_model_from/to_id

* fix tests

* remove leftover signature methods

* fix test counts

* fix test counts

* fix test counts

* Update dojo/settings/settings.dist.py

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* fix test

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* ReadMe Updates - New Community Portal (#14042)

* Revise README for Docker Compose V2 updates

Updated README to reflect changes for Docker Compose V2 and removed outdated V1 instructions.

* Revise demo links and installation options in README

Updated demo environment description and installation options.

* Fix Slack community link and improve wording

Updated Slack community link and adjusted text for clarity.

* Revise social media links and Slack community invitation

Updated social media links and community invitation text.

* Add files via upload

* Update Slack logo link and Twitter image source

* Update image sources in README.md

* Fix image height in Community section of README

* Add files via upload

* Update image height in README.md

* Revise community portal and Pro edition details

Updated community engagement links and enhanced Pro edition description.

* Fix formatting in installation options section

* Update README.md

* Update README.md

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Update .gitignore

* chore(deps): bump django-dbbackup from 5.1.0 to 5.1.1 (#14062)

Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/Archmonger/django-dbbackup/releases)
- [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.1.0...5.1.1)

---
updated-dependencies:
- dependency-name: django-dbbackup
  dependency-version: 5.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump django-polymorphic from 4.6.0 to 4.8.0 (#14060)

Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.6.0 to 4.8.0.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-polymorphic/compare/v4.6.0...v4.8.0)

---
updated-dependencies:
- dependency-name: django-polymorphic
  dependency-version: 4.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump urllib3 from 2.6.2 to 2.6.3 (#14059)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.6.2...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update mccutchen/go-httpbin docker tag from 2.19.0 to v2.20.0 (docker-compose.override.dev.yml) (#14057)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump pdfmake from 0.3.0 to 0.3.1 in /components (#14055)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.3.0...0.3.1)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-version: 0.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* :bug: Fix multiple google cloud artifact scan bugs (#14052)

* :bug: Fix multiple google cloud artifact scan bugs

* update

* chore(deps): bump celery[sqs] from 5.6.1 to 5.6.2 (#14039)

Bumps [celery[sqs]](https://github.com/celery/celery) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.6.1...v5.6.2)

---
updated-dependencies:
- dependency-name: celery[sqs]
  dependency-version: 5.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* :lipstick: Refactor multiple scan results (#14046)

* reordered-jira-alert-description (#14058)

* [docs] pro release notes 2.54.0 (#14047)

* update changelog headings

* update changelog

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>

* chore(deps): update dependency vite from 7.3.0 to v7.3.1 (docs/package.json) (#14053)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* :tada: Advance Google Cloud Artifact Scan to parse vulnid

* :tada: Implement Cloudflare insights parser

* .

* Update dojo/tools/cloudflare_insights/parser.py

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* fix: update redis/valkey comment (#13858)

* fix: update redis/valkey comment

* feat(ci): additional comment updates

---------

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Product Grade: Configuration Removal (#14075)

* Remove product grade configuration and related management command

* Remove product_grade field from system_settings model

* Update expected query counts in performance tests for importer

* Update versions in application files

* Update versions in application files

* Update versions in application files

* Update expected query counts in performance tests for importers

* chore(deps): update dependency renovatebot/renovate from 42.71.0 to v42.80.1 (.github/workflows/renovate.yaml) (#14070)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Remove unused asteval dependency (#14079)

- Remove asteval from requirements.txt as it's not used in the codebase
- Remove asteval license notice from NOTICE file
- No Python code imports or uses asteval

* :bug: fix Nonetype in nuclei #14071 (#14072)

* chore(deps): bump pdfmake from 0.3.1 to 0.3.2 in /components (#14074)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.3.1...0.3.2)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-version: 0.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Asset/Organizations Endpoints: Patches, permission checking, and API tests (#14080)

* Update AssetSerializer fields to allow null values and set defaults

* Refactor authorization functions to use type hints for better clarity and maintainability

* Enhance permission checks to support multiple primary key attributes in post requests

* Refactor check_post_permission to use list type for post_pk parameter

* Refactor Organization serializers to handle default values for critical and key assets, and update OrganizationViewSet to use OrganizationFilterSet for filtering.

* Refactor API tests to include asset and organization endpoints, enhancing coverage for asset-related functionalities.

* Refactor permission classes to use asset and organization-specific permissions, enhancing clarity and maintainability.

* Add blank line before UserHasOrganizationGroupPermission class for improved readability

* Add Report Builder submenu and improve form validation error messages (#14068)

- Add explicit 'Report Builder' submenu item under Reports menu for better UX
- Improve form validation error messages to show which specific fields are missing
- Fix trailing whitespace in Finding Groups menu item

* :arrow_up: Bump ruff from 0.14.10 to 0.14.11 (#14066)

* Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) (#14083)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency yamllint from 1.37.1 to v1.38.0 (.github/workflows/test-helm-chart.yml) (#14084)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency node from 24.12.0 to v24.13.0 (.github/workflows/validate_docs_build.yml) (#14086)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update valkey Docker tag from 0.13.0 to v0.15.0 (helm/defectdojo/Chart.yaml) (#14099)

* Update valkey Docker tag from 0.13.0 to v0.15.0 (helm/defectdojo/Chart.yaml)

* update Helm documentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Update dependency prettier from 3.7.4 to v3.8.0 (docs/package.json) (#14091)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Refactor note fetching logic to improve permission checks and reduce code duplication (#14081)

* Enforce readonly name field for Test_Type instances and add dynamic serializer selection (#14090)

* Enforce readonly name field for existing Test_Type instances in form

* Add TestTypeCreateSerializer and enforce readonly name field in TestTypeSerializer

* Add dynamic serializer selection in TestTypesViewSet for create action

* Update test payload to set 'active' field instead of 'name'

* Update TestTypeTest payload to use 'name' and modify update_fields to 'active'

* Add test to verify 'name' field is read-only in TestType

* Update actions/setup-node action from v6.1.0 to v6.2.0 (.github/workflows/validate_docs_build.yml) (#14092)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Import/Reimport: Push to jira when findings is not grouped

* Add unit tests

* chore(deps): bump django-dbbackup from 5.1.1 to 5.1.2 (#14094)

Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/Archmonger/django-dbbackup/releases)
- [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.1.1...5.1.2)

---
updated-dependencies:
- dependency-name: django-dbbackup
  dependency-version: 5.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update styfle/cancel-workflow-action action from 0.12.1 to v0.13.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#14093)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Try more recordings?

* Update suzuki-shunsuke/github-action-renovate-config-validator action from v1.1.1 to v2 (.github/workflows/renovate.yaml) (#14102)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* 💄 ssl labs json files reformat (#14106)

* :lipstick: Refactor ssl_labs json file

* more

* chore(deps): update actions/cache action from v5.0.1 to v5.0.2 (.github/workflows/validate_docs_build.yml) (#14108)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* :tada: Implement json part for Cloudflare insights parser (#14096)

* Consolidation of Template Tags: Make a single use case reusable, and use in report disclaimers (#14098)

* Add additional fields to AssetSerializer (#14109)

* Add additional fields to AssetSerializer for business criticality, platform, lifecycle, and origin

* Correct some filters too

* Fix Content-Type header bugs in file downloads and MIME type handling (#14124)

Fixes #14118

This commit fixes multiple bugs related to MIME type handling in file downloads:

1. Fixed tuple-as-string bug where mimetypes.guess_type() was used directly
   in f-strings, resulting in invalid Content-Type headers like
   "('image/png', None)" instead of "image/png"

2. Added fallback to "application/octet-stream" when MIME type cannot be
   determined (when guess_type returns None)

3. Fixed incorrect content type for JSON exports (was "json" instead of
   "application/json")

4. Fixed potential AttributeError crash in inline_image template tag when
   guess_type returns None and code attempted to call .startswith() on None

Files changed:
- dojo/api_v2/views.py: Risk acceptance file download (API endpoint)
- dojo/utils.py: Generic file response helper function
- dojo/finding/views.py: Finding image downloads and JSON template export
- dojo/engagement/views.py: Risk acceptance proof downloads
- dojo/templatetags/display_tags.py: Inline image template tag

All file downloads now properly set Content-Type headers with appropriate
fallbacks for unknown file types.

* fix bleach memory leak & simplify git commit hash checker (#14117)

* commit hash footer: disable in production mode

* memory leak: fix bleach usage

* simplify git commit hash check

* improve git commit detection

* cleanup

* prettify sample scan files (#14113)

* prettify sample scan files

* prettify sample scan files

* tags from parser: fix parsers, add tests and fallback (#14111)

* tags from parser: fix parsers, add tests and fallback

* fix tag merge

* comments

* Update versions in application files

* chore(deps): update release-drafter/release-drafter action from v6.1.0 to v6.1.1 (.github/workflows/release-drafter.yml) (#14126)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump pdfmake from 0.3.2 to 0.3.3 in /components (#14122)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.3.2...0.3.3)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-version: 0.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update openapitools/openapi-generator-cli Docker tag from v7.18.0 to v7.19.0 (Dockerfile.integration-tests-debian) (#14121)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update losisin/helm-values-schema-json-action action from v2.3.2 to v2.4.1 (.github/workflows/test-helm-chart.yml) (#14115)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update losisin/helm-docs-github-action action from v1.6.2 to v1.7.1 (.github/workflows/test-helm-chart.yml) (#14114)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency renovatebot/renovate from 42.80.1 to v42.85.8 (.github/workflows/renovate.yaml) (#14112)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) (#14110)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update versions in application files

* Update versions in application files

* :tada: add Trivy misconfiguration fields #14136

* Fix risk-accepted findings not being closed when vulnerability is fixed (#14125)

Fixes #10769

When a finding is risk-accepted and the underlying vulnerability is subsequently fixed (no longer appears in scan reports), the import/reimport process was failing to properly close these findings. This occurred because:

1. DefaultImporter.close_old_findings() only queried for active=True findings, missing risk-accepted findings which have active=False
2. BaseImporter.mitigate_finding() did not remove the risk_accepted status when closing findings

Changes:
- Modified DefaultImporter.close_old_findings() to include risk-accepted findings in the query (Q(active=True) | Q(risk_accepted=True))
- Added risk_unaccept() call in BaseImporter.mitigate_finding() to remove risk acceptance when findings are closed
- Added comprehensive unit tests covering both scenarios:
  * Risk-accepted findings that are no longer in scan reports (should be closed and risk acceptance removed)
  * Risk-accepted findings that are still in scan reports (should remain risk-accepted)

The fix ensures that when a previously risk-accepted vulnerability is genuinely fixed, the finding status accurately reflects this by being mitigated and having the risk acceptance removed.

* feat: Add pghistory tracking for tag fields (#14116)

* pghistory: add tag tracking + ui improvements

* simplify ui strings

* simplify ui strings

* move logic

* display reviewers names

* add ui elements properly

* catch and log errors

* catch and log errors

* fix(deps): update dependency @docsearch/css from 4.4.0 to v4.5.3 (docs/package.json) (#14128)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency django-debug-toolbar from 6.1.0 to v6.2.0 (requirements-dev.txt) (#14132)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update valkey docker tag from 0.15.0 to v0.15.1 (helm/defectdojo/chart.yaml) (#14131)

* chore(deps): update valkey docker tag from 0.15.0 to v0.15.1 (helm/defectdojo/chart.yaml)

* update Helm documentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.nginx-alpine) (#13996)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* update

* pro changelog: jan21 (#14144)

* update changelog 2.54.1/2

* quick fix

Removed note about no significant UX changes from changelog.

* Update file upload field to accept dynamic file types and add validation for supported extensions (#14143)

* chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.11 to v1.37.12 (helm/defectdojo/values.yaml) (#14135)

* chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.11 to v1.37.12 (helm/defectdojo/values.yaml)

* update Helm documentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* chore(deps): bump setuptools from 80.9.0 to 80.10.1 (#14138)

Bumps [setuptools](https://github.com/pypa/setuptools) from 80.9.0 to 80.10.1.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v80.9.0...v80.10.1)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 80.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update dependency prettier from 3.8.0 to v3.8.1 (docs/package.json) (#14141)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action from v8.0.0 to v8.1.0 (.github/workflows/update-sample-data.yml) (#14142)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update actions/setup-python action from v6.1.0 to v6.2.0 (.github/workflows/test-helm-chart.yml) (#14146)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump markdown from 3.10 to 3.10.1 (#14147)

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.10 to 3.10.1.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.10.0...3.10.1)

---
updated-dependencies:
- dependency-name: markdown
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump sqlalchemy from 2.0.45 to 2.0.46 (#14148)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.45 to 2.0.46.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-version: 2.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v6.1.1 to v6.2.0 (.github/workflows/release-drafter.yml) (#14149)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update actions/checkout action from v6.0.1 to v6.0.2 (.github/workflows/validate_docs_build.yml) (#14150)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump ruff from 0.14.11 to 0.14.14 (#14152)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.11 to 0.14.14.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.11...0.14.14)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.14.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump vulners from 3.1.3 to 3.1.5 (#14153)

Bumps vulners from 3.1.3 to 3.1.5.

---
updated-dependencies:
- dependency-name: vulners
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(deps): update dependency thulite from 2.6.3 to v2.6.4 (docs/package.json) (#14154)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency @docsearch/js from 4.4.0 to v4.5.3 (docs/package.json) (#14129)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Revert "Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.nginx-alpine) (#13996)" (#14158)

This reverts commit 1a61804140a41ba44ee69a1de5a5e5b20e21bdc8.

* Update dependency renovatebot/renovate from 42.85.8 to v42.92.5 (.github/workflows/renovate.yaml) (#14159)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add Permissions-Policy header settings and corresponding tests (#14156)

* Update versions in application files

* Change pghistory backfill log level from ERROR to DEBUG for missing event tables (#14151)

When migration 0250 runs before migration 0256 creates the tags event tables,
it logs ERROR messages for missing tables. These are expected during migration
sequencing and should be DEBUG level instead.

Changes:
- Update auditlog.py to log at DEBUG level when event tables don't exist
- Update progress_callback functions in migrations 0250 and 0257 to handle DEBUG level

* Add django-linear-migrations for linear migration history (#14145)

* start using django-linear-migrations

* simplify readme

* Update versions in application files

* Update versions in application files

* chore(deps): bump setuptools from 80.10.1 to 80.10.2 (#14163)

Bumps [setuptools](https://github.com/pypa/setuptools) from 80.10.1 to 80.10.2.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v80.10.1...v80.10.2)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 80.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Refactor engagement and risk acceptance permissions (#14155)

* Refactor engagement permissions: introduce BaseRelatedObjectPermission and update related views

* Refactor permission classes for risk acceptance and findings in views

* Refactor permission classes: introduce UserHasDevelopmentEnvironmentPermission, UserHasRegulationPermission, and UserHasSLAPermission; update views accordingly

* Refactor BaseDjangoModelPermission: short circuit permission evaluation for unsupported request methods

* Refactor RiskAcceptanceViewSet: simplify download_proof method by moving permission_classes to the decorator

* Add global role fixture and enhance test setup for permissions

* Refactor test setup in BaseClass: consolidate user authentication logic into a reusable method

* Create new user rather than hijacking an existing one

* More user fun :)

* :bug: Fix "Test Type" filter dropdown includes inactive test types #14161 (#14166)

* :bug: No filter by "Test name" in the findings list for all products #14162 (#14167)

* authorizations: optimize queries & cache data per request (#13989)

* authorizations: add test cases

* authorizations: use subqueries instead of exists

* fix metrics test

* authorizations: cache results per request if possible

* fix metrics callers

* add upgrade note

* Update performance test counts after merge

Updated expected query and async task counts using update_performance_test_counts.py script.

Most tests show improvements with slight reductions in queries/tasks.
Product grading tests show small increases due to upstream changes in grading logic.

All tests verified passing.

* Enhance risk acceptance authorization by checking global permissions when no engagements are found (#14174)

* feat(async): Drop args from async_dupe_delete (#14171)

* Update dependency @thulite/inline-svg from 1.2.1 to v1.2.2 (docs/package.json) (#14182)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update valkey Docker tag from 0.15.1 to v0.15.2 (helm/defectdojo/Chart.yaml) (#14175)

* Update valkey Docker tag from 0.15.1 to v0.15.2 (helm/defectdojo/Chart.yaml)

* update Helm documentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* fix(deps): update dependency @thulite/images from 3.3.3 to v3.3.4 (docs/package.json) (#14181)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(async): watchmedo was installed incorrectly (#14183)

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>

* feat(async): Show number of tasks waiting in queue (#14180)

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>

* feat(async): Set "expires" for regular tasks (#14172)

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>

* fix(deps): update dependency @thulite/seo from 2.4.2 to v2.4.3 (docs/package.json) (#14184)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#14187)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update python:3.13.11-alpine3.22 Docker digest from 3.13.11 to v (Dockerfile.nginx-alpine) (#14188)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump python-gitlab from 7.1.0 to 8.0.0 (#14189)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 7.1.0 to 8.0.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v7.1.0...v8.0.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump cryptography from 46.0.3 to 46.0.4 (#14190)

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update docker/login-action action from v3.6.0 to v3.7.0 (.github/workflows/release-x-manual-tag-as-latest.yml) (#14194)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update valkey Docker tag from 0.15.2 to v0.15.3 (helm/defectdojo/Chart.yaml) (#14193)

* Update valkey Docker tag from 0.15.2 to v0.15.3 (helm/defectdojo/Chart.yaml)

* update Helm documentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* chore(deps): bump django-polymorphic from 4.8.0 to 4.10.5 (#14088)

* chore(deps): bump django-polymorphic from 4.8.0 to 4.9.0

* Update requirements.txt

* Update requirements.txt

* update

* Update django-polymorphic version to 4.10.5

* Rename migration file for clarity

---------

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Fix: Suppress expected JIRA validation alerts when pushing (Fixes #12988) (#13974)

* Fix: Suppress expected JIRA validation alerts when auto-pushing

Fixes #12988

When 'Push all issues' is enabled at the engagement level, DefectDojo
attempts to automatically push all findings to JIRA during import/reimport.
This causes alerts to be created for every finding that cannot be pushed
due to expected validation failures (e.g., not verified, not active, below
minimum threshold).

These alerts flood the Alerts UI with noise since these are expected
conditions, not actual errors. The fix distinguishes between:

- Expected validation failures: Findings that aren't ready to be pushed
  (not verified/active, below threshold, etc.) - these are logged but don't
  create alerts
- Unexpected errors: Configuration issues, connection problems, etc. -
  these still create alerts as they indicate real problems

This ensures users only see alerts for actual problems while still logging
expected validation failures for debugging purposes.

* fix

* Update dojo/jira_link/helper.py

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Update python:3.13.11-alpine3.22 Docker digest from 3.13.11 to v (Dockerfile.nginx-alpine) (#14211)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#14210)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency @thulite/doks-core from 1.8.3 to v1.8.4 (docs/package.json) (#14207)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* :lipstick: Typo in release 2.52 (#14204)

* Update actions/cache action from v5.0.2 to v5.0.3 (.github/workflows/validate_docs_build.yml) (#14202)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency kubernetes/minikube from v1.37.0 to v1.38.0 (.github/workflows/k8s-tests.yml) (#14199)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* remove duplicated openreports parser doc (#14206)

* Include Trufflehog verified secret info in report (#14192)

* Include Trufflehog verified secret info in report

* Revert title change

* Pass verified flag to Finding object

* Revert description change

* chore(deps): bump jquery-ui from 1.14.1 to 1.14.2 in /components (#14201)

Bumps [jquery-ui](https://github.com/jquery/jquery-ui) from 1.14.1 to 1.14.2.
- [Release notes](https://github.com/jquery/jquery-ui/releases)
- [Commits](https://github.com/jquery/jquery-ui/compare/1.14.1...1.14.2)

---
updated-dependencies:
- dependency-name: jquery-ui
  dependency-version: 1.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* don't (over)write status on comment event (#14208)

* Fix email template rendering for product_type_added notification

* fix: fix rendering error in product_type_added email template

* [docs] 2026 overhaul (#14157)

* update changelog headings

* add nav highlight to header

* init /get_started/

* add new top menu entries

* move everything to a new directory

* redesign header

* dynamic colored logo

* correct spacing

* make a new menu

* move all article content

* mv remaining articles

* make better search button

* even better search button

* update sectionNav and reorder articles

* add glossary

* add glossary text

* add initial version switcher

* adjust css

adjust css

make CSS nicer: color and top border

remove flicker again

* add version metadata to get_started articles

* update walk partial to check single articles

* finish get started content

* finish setting up import content

* inprogress - set up defectdojo structure

* Create new docs for Metrics

* fix and/or remove all links

* fix typo

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: dangoelz <dangoelz@gmail.com>

* locations: everything else (#14198)

* locations: everything else

* remove unnecessary todos

* use proper field for location equal comparison

* for pro proposition banner, use location count if v3 enabled

* jira link updates

* update view_finding, view_test templates and display_tags to look at import_settings locations

* urls as unique

* url uniqueness hash generation

* rework url cleaning

* update editing a product url to get/create

* update or create url on form

* fix edit/add endpoint views

* update comment in settings re: endpoints as a hash code field

* default skip_validation on basemodelwithouttimedelts#save to "not v3 enabled"

* perf test updates

* Apply suggestion from @Maffooch

* Update fixtures for dev branch to be happy

* docs - quick patch (#14226)

* fix broken header link

* add release notes button

* fetch latest in button

* fix version select offset

* fix xss vuln: escape HTML

* Update versions in application files

* Update versions in application files

* Update versions in application files

* chore(deps): bump pyjwt from 2.10.1 to 2.11.0 (#14224)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#14223)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) (#14222)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(helm): Valkey: use dedicated service account (#14217)

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>

* refactor dojo async task base task

The custom decorators that we have on Celery tasks interfere with some
(advanced) celery functionality like signatures. This PR refactors this
to have a clean base task that passes on context, but does not interfere
with celery mechanisms.

The logic to decide whether or not the task is to be called
asynchronously is now in a dispatch method.

* Fix AttributeError in celery task dispatch

- Use class reference instead of self for task dispatch
  (self.method returns bound method without .si() attribute)
- Update location_manager.py to use dojo_dispatch_task
  instead of @dojo_async_task decorator
- Convert task methods to static-like functions (no self parameter)

* Fix remaining dojo_dispatch_task call sites

- Avoid passing manager/task attributes via instance
  (use class task objects to ensure .si() is available)
- Stop dispatching non-task jira_helper.push_to_jira through dojo_dispatch_task;
  call it directly and let it dispatch the underlying celery tasks

* [docs] indexing improvements (#14229)

* update robots.txt for indexing

* add audience content to algolia indexing

* add cache refresh for release notes version

* chore(deps): bump django from 5.2.9 to 5.2.11 (#14236)

Bumps [django](https://github.com/django/django) from 5.2.9 to 5.2.11.
- [Commits](https://github.com/django/django/compare/5.2.9...5.2.11)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update views.py (#14243)

* Set last reviewed date and reviewer when note is added (#14209)

* Set last reviewed date and reviewer for finding

Update finding's last reviewed date and reviewer to maintain parity with UI behaviors

* Apply suggestion from @Maffooch

* Set last reviewed date and author for finding

Update finding with last reviewed date and author.

* Apply suggestions from code review

* Apply suggestion from @Maffooch

---------

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Fix finding counts showing as 1 due to subquery ordering bug (#14242)

Hardened build_count_subquery to explicitly clear ordering and order by
group_field before slicing. This prevents Django from adding implicit
ORDER BY <pk> which causes GROUP BY to collapse counts to 1.

Also updated prefetch_for_product_type to use the hardened helper instead
of a local Subquery with the same vulnerability.

Added unit tests to verify the fixes work correctly.

Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>

* Update versions in application files

* Update versions in application files

* Update versions in application files

* chore(deps): bump datatables.net from 2.3.6 to 2.3.7 in /components (#14214)

Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 2.3.6 to 2.3.7.
- [Release notes](https://github.com/DataTables/Dist-DataTables/releases)
- [Commits](https://github.com/DataTables/Dist-DataTables/compare/2.3.6...2.3.7)

---
updated-dependencies:
- dependency-name: datatables.net
  dependency-version: 2.3.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update python:3.13.11-slim-trixie docker digest from 3.13.11 to v (dockerfile.integration-tests-debian) (#14233)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix risk acceptance API to link to engagement and add validations

Fixes #12644

This commit addresses several issues with the risk acceptance API:

1. Risk acceptances created via API now appear in engagement panel
   - Added engagement.risk_acceptance.add(instance) in create() method
   - Fixes the main bug where API-created risk acceptances were orphaned

2. Added validation for enable_full_risk_acceptance product setting
   - API now respects the product-level setting before creating instances
   - Validates in validate() method to fail early

3. Added protection against engagement switching
   - Prevents moving risk acceptances between engagements via PATCH/PUT
   - Validates even when risk acceptance has no findings (edge case)

4. Performance improvement
   - Use self.instance.accepted_findings.all() instead of filtering

5. Comprehensive API tests
   - Added test_risk_acceptance_api.py with 7 test cases
   - Covers all edge cases and validation scenarios
   - All tests passing

Changes:
- dojo/api_v2/serializers.py: Enhanced RiskAcceptanceSerializer
- unittests/test_risk_acceptance_api.py: New comprehensive test suite

* fix permission check

* prevent orphaned RAs getting findings but no eng

* Merge pull request #14237 from paulOsinski/changelog-feb-3

[docs] pro changelog - 2.55.0

* chore(deps): update python docker tag from 3.13.11 to v3.13.12 (dockerfile.nginx-alpine) (#14245)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update valkey/valkey:7.2.11-alpine docker digest from 7.2.11 to v (docker-compose.yml) (#14252)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix engagement retrieval in ImportScanView and ReImportScanView to use product reference

* Update dockerfiles to ensure underlying OS is always running the latest packages

* Add unit tests

* Add noqa comment to toggle_system_setting_boolean decorator in JIRAImportAndPushTestApi

* [docs] replace old risk acceptance article and add calendar (#14244)

* Replace old risk acceptance article and add calendar

* revert thulite changes and block renovate

* resize images

* update lock file

* change article directories

* content changes

* update lock file again

---------

Co-authored-by: Paul Osinski <posinski34@gmail.com>
Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>

* Add test to ensure duplicate findings are deleted in the proper order (#14256)

* added testing to ensure duplicate findings are deleted in the correct order

* fix ruff issues

* Update unittests/test_duplication_loops.py

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Fix test name filter to use test__title instead of test__name (#14253)

The Test model uses 'title' field, not 'name'. This fixes the 500 error
when filtering findings by Test name with Filter String Matching
Optimization enabled.

Fixes #14160

Co-authored-by: Cursor <cursoragent@cursor.com>

* Expose `has_any_jira_issue` filter for findings (#12670) (#14266)

The `has_jira_issue` filter only checks if the finding itself has a JIRA
issue. For findings in a group where the group has a JIRA issue, this
filter doesn't match. A `FindingHasJIRAFilter` that checks both already
existed but was never wired up to be visible in the UI or API.

Rename it to `has_any_jira_issue`, add help text, and include it in
`get_finding_filterset_fields()` so it appears in the finding filters
when both JIRA and finding groups are enabled.

Closes #12670

* Add finding group support to jira_status_reconciliation command (#14267)

* Add finding group support to jira_status_reconciliation command

The jira_status_reconciliation management command only processed
individual findings with direct JIRA issues. Finding groups that
were pushed to JIRA as groups were completely skipped because their
JIRA issue is attached to the Finding_Group model, not to individual
findings.

This adds a second processing loop for Finding_Group objects with
JIRA issues, supporting all three modes (reconcile, push_status_to_jira,
import_status_from_jira). The group's aggregate status is derived from
its member findings. To avoid pushing the same JIRA issue twice, we use
push_status_to_jira directly on the group object (not
push_finding_group_to_jira which would also push individual finding
JIRA issues already handled by the existing loop).

Also adds --include-findings/--no-include-findings and
--include-finding-groups/--no-include-finding-groups flags so users
can control which types are processed.

Closes #14031

* add upgrade notes

* Jira keep findings in sync: Expand to import/reimport and API (#14262)

* Enhance JIRA synchronization logic in importers and serializers

- Updated push_to_jira conditions to include sync behavior based on JIRA instance settings.
- Refactored JIRA push logic to check for sync status in FindingSerializer and DefaultImporter.
- Improved handling of JIRA instance retrieval and sync checks in DefaultReImporter and BaseImporter.
- Added support for prefetched JIRA instance in is_keep_in_sync_with_jira function.

* Refactor JIRA sync flag to use 'finding_jira_sync' for consistency in importers and reimporters

* Refactor is_keep_in_sync_with_jira function to use a generic object parameter for improved flexibility

* Refactor is_keep_in_sync_with_jira function to improve JIRA issue detection and sync logic

* Add tests

* bulk edit: push groups to JIRA when sync is enabled (#14265)

---------

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Update versions in application files

* Update versions in application files

* chore(deps): bump ruff from 0.14.14 to 0.15.0 (#14238)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.14 to 0.15.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.14...0.15.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update python:3.13.12-alpine3.22 docker digest from 3.13.12 to v (dockerfile.nginx-alpine) (#14263)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update python:3.13.12-slim-trixie docker digest from 3.13.12 to v (dockerfile.integration-tests-debian) (#14264)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump setuptools from 80.10.2 to 82.0.0 (#14272)

Bumps [setuptools](https://github.com/pypa/setuptools) from 80.10.2 to 82.0.0.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v80.10.2...v82.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 82.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency renovatebot/renovate from 43.2.4 to v43.5.6 (.github/workflows/renovate.yaml) (#14268)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump django-polymorphic from 4.10.5 to 4.11.0 (#14258)

Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.10.5 to 4.11.0.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Commits](https://github.com/jazzband/django-polymorphic/compare/v4.10.5...v4.11.0)

---
updated-dependencies:
- dependency-name: django-polymorphic
  dependency-version: 4.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump markdown from 3.10.1 to 3.10.2 (#14289)

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.10.1 to 3.10.2.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.10.1...3.10.2)

---
updated-dependencies:
- dependency-name: markdown
  dependency-version: 3.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump redis from 7.1.0 to 7.1.1 (#14290)

Bumps [redis](https://github.com/redis/redis-py) from 7.1.0 to 7.1.1.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v7.1.0...v7.1.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump social-auth-core from 4.8.3 to 4.8.5 (#14291)

Bumps [social-auth-core](https://github.com/python-social-auth/social-core) from 4.8.3 to 4.8.5.
- [Release notes](https://github.com/python-social-auth/social-core/releases)
- [Changelog](https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python-social-auth/social-core/compare/4.8.3...4.8.5)

---
updated-dependencies:
- dependency-name: social-auth-core
  dependency-version: 4.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency node from 24.13.0 to v24.13.1 (.github/workflows/validate_docs_build.yml) (#14294)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update docker/build-push-action action from v6.18.0 to v6.19.2 (.github/workflows/release-x-manual-docker-containers.yml) (#14299)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump django-dbbackup from 5.1.2 to 5.2.0 (#14298)

Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.2 to 5.2.0.
- [Release notes](https://github.com/Archmonger/django-dbbackup/releases)
- [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.1.2...5.2.0)

---
updated-dependencies:
- dependency-name: django-dbbackup
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency kubernetes from 1.32.11 to v1.32.12 (.github/workflows/k8s-tests.yml) (#14303)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update valkey Docker tag from 0.15.3 to v0.15.4 (helm/defectdojo/Chart.yaml) (#14304)

* Update valkey Docker tag from 0.15.3 to v0.15.4 (helm/defectdojo/Chart.yaml)

* update Helm documentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* chore(deps): bump vulners from 3.1.5 to 3.1.6 (#14306)

Bumps vulners from 3.1.5 to 3.1.6.

---
updated-dependencies:
- dependency-name: vulners
  dependency-version: 3.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update dependency kubernetes/kubernetes from v1.35.0 to v1.35.1 (.github/workflows/k8s-tests.yml) (#14310)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump cryptography from 46.0.4 to 46.0.5 (#14297)

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.4 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.4...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): update postgres docker tag from 18.1 to v18.2 (docker-compose.yml) (#14311)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): bump ruff from 0.15.0 to 0.15.1

* remove extra files

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ross E Esposito <ross@defectdojo.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Co-authored-by: DefectDojo release bot <dojo-release-bot@users.noreply.github.com>
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>
Co-authored-by: Greg Anderson <greg.anderson@owasp.org>
Co-authored-by: Jino Tesauro <53376807+Jino-T@users.noreply.github.com>
Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: Carl Anthon Wellsjö <58119759+anthonwellsjo@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com>
Co-authored-by: Filipe Pina <636320+fopina@users.noreply.github.com>
Co-authored-by: James Golovich <james@gnuinter.net>
Co-authored-by: Oscar Martinez <Oscar.Martinez@visionarytechservices.com>
Co-authored-by: dangoelz <dangoelz@gmail.com>
Co-authored-by: dogboat <dogboat@users.noreply.github.com>
Co-authored-by: Matt Tesauro <mtesauro@gmail.com>
Co-authored-by: Paul Osinski <posinski34@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Labels

dependencies Pull requests that update a dependency file
