Release: Merge back 2.56.3 into dev from: master-into-dev/2.56.3-2.57.0-dev (#14580)

github-actions[bot] wants to merge 13 commits into dev from master-into-dev/2.56.3-2.57.0-dev
Conversation
….57.0-dev Release: Merge back 2.56.2 into bugfix from: master-into-bugfix/2.56.2-2.57.0-dev
* implement lychee
* pass unit tests
* update contribution guidelines for docs
* [doc] close_old_findings diff between import types
* remove usage docs from open_source/archive
* move docs archive up a folder
* rules engine is pro only
* create a single notification_webhooks article
* mv remaining open_source articles
* chore: normalize line endings to LF per .gitattributes
* fix links
* remove redundant upgrade file
Drop System_Settings "credentials" field
* Change dependabot and renovate schedules from daily to weekly on Wednesdays

  Reduces noise from dependency update PRs by limiting both dependabot and renovate to run once per week on Wednesdays instead of daily.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Pin Hugo version and prevent automated update PRs

  Remove Renovate annotations from Hugo version lines in workflow files and add gohugoio/hugo to ignoreDeps in renovate.json to prevent Dependabot/Renovate from opening PRs to bump the Hugo version.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix import-languages endpoint 500 errors and optimize performance

  The /api/v2/import-languages/ endpoint was producing 500 errors due to database integrity issues on Language_Type and Languages models. This commit addresses both reliability and performance.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix ruff lint errors in serializer and migration

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Consolidate two migrations into single 0262_language_type_unique_language

  Combines the data deduplication (RunPython) and schema change (AlterField) into a single migration file.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix test fixtures conflicting with Language_Type unique constraint

  Remove Language_Type entries from test fixtures that duplicate languages already seeded by migration 0115_language_types. Update Languages FK references to point to the correct seeded Language_Type PKs.

  - dojo_testdata.json: Remove JSON (pk=1) and Python (pk=2) Language_Type entries, update Languages FK from pk=1 to pk=94 (seeded JSON pk)
  - dojo_testdata_locations.json: Same changes
  - defect_dojo_sample_data.json: Remove 3 conflicting Language_Type entries (DOS Batch, InstallShield, Ruby) with PKs that differ from seed data
  - defect_dojo_sample_data_locations.json: Same changes

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Renumber migration from 0262 to 0263 to avoid conflict

  Migration 0262_remove_system_settings_credentials was merged to the bugfix branch. Renumber our migration to 0263 and update the dependency chain and max_migration.txt accordingly.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Extended migration steps for PostgreSQL data after upgrading to 2.55.4.
… tie (#14562)

* fix: deterministic order when deleting excess duplicate findings

  order_by("date") does not define order for rows with identical dates. Add id as secondary sort so async_dupe_delete removes oldest duplicates first (by date, then id), matching documented behavior.

* test: cover async_dupe_delete ordering when duplicate dates match

  Add test_delete_duplicate_order_same_date_tiebreak_by_id; lower-id duplicate is removed first when max_dupes is exceeded and date ties.
Release: Merge release into master from: release/2.56.3
This pull request modifies multiple sensitive codepaths (including dojo/db_migrations/0263_language_type_unique_language.py, dojo/api_v2/serializers.py, dojo/celery.py, dojo/db_migrations/0262_remove_system_settings_credentials.py, dojo/models.py, and dojo/tasks.py), and the scanner flagged these edits as sensitive (error severity) — review and/or configure allowed authors and sensitive paths in .dryrunsecurity.yaml before merging.
🔴 Configured Codepaths Edit in
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/api_v2/serializers.py (drs_33e9a3c6)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/celery.py (drs_b1e2c02b)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/celery.py (drs_e7721b86)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/db_migrations/0262_remove_system_settings_credentials.py (drs_8fe99c95)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/models.py (drs_de401769)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/tasks.py (drs_9961bdb9)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
We've notified @mtesauro.
Comment to provide feedback on these findings.
Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]
Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing
All finding details can be found in the DryRun Security Dashboard.
This pull request has conflicts; please resolve them before we can evaluate the pull request.
Release triggered by rossops