
🐛 fix Bump ruff from 0.7.2 to 0.7.3 #11224

Merged (3 commits), Nov 12, 2024

Conversation

manuel-sommer (Contributor)

@github-actions github-actions bot added the apiv2 label Nov 8, 2024

dryrunsecurity bot commented Nov 8, 2024

DryRun Security Summary

The pull request focuses on updating and enhancing the serializers in the Defect Dojo API version 2, introducing a wide range of new serializers and updates to existing ones, covering various aspects of the application's functionality. While the changes do not directly introduce any obvious security vulnerabilities, it is important to ensure that the new serializers and their associated data handling processes are thoroughly reviewed and tested to identify and address any potential security issues.


Summary:

The changes in this pull request appear to be focused on updating and enhancing the serializers in the Defect Dojo API version 2. The changes introduce a wide range of new serializers and updates to existing ones, covering various aspects of the application's functionality, such as findings management, test management, JIRA and Sonarqube integration, user and group management, and more.

From an application security perspective, these changes do not directly introduce any obvious security vulnerabilities. The updates to the serializers are primarily focused on improving the functionality and flexibility of the API, which is a positive step for the application's overall security posture. However, it is important to ensure that the new serializers and their associated data handling processes are thoroughly reviewed and tested to identify and address any potential security issues.

Files Changed:

  1. requirements-lint.txt: This file has been updated to include a minor version update for the ruff package, from 0.7.2 to 0.7.3. This is a routine update and does not raise any immediate security concerns.

  2. dojo/api_v2/serializers.py: This file has undergone extensive changes, including the addition of numerous new serializers and updates to existing ones. The changes cover a wide range of functionality, such as findings management, test management, JIRA and Sonarqube integration, user and group management, and more. While these changes do not directly introduce any obvious security vulnerabilities, it is important to ensure that the new serializers and their associated data handling processes are thoroughly reviewed and tested to identify and address any potential security issues.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:
  Configured Codepaths Analyzer: 3 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.


@manuel-sommer manuel-sommer changed the title 🐛 fix renovate ruff update 🐛 fix Bump ruff from 0.7.2 to 0.7.3 Nov 8, 2024
Review suggestion on dojo/api_v2/serializers.py (outdated, resolved)
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
@manuel-sommer (Contributor, Author)

I applied your suggestion @cneill

@mtesauro (Contributor) left a comment

Approved

@mtesauro mtesauro merged commit 43bc980 into DefectDojo:dev Nov 12, 2024
72 of 73 checks passed