
Release: Merge back 2.37.0 into dev from: master-into-dev/2.37.0-2.38.0-dev #10680

Merged
merged 3 commits into from
Aug 5, 2024

Conversation

github-actions[bot] (Contributor) commented Aug 5, 2024

Release triggered by Maffooch

DefectDojo release bot and others added 3 commits August 5, 2024 15:54

dryrunsecurity bot commented Aug 5, 2024

DryRun Security Summary

The provided code changes primarily focus on updating the DefectDojo application to version 2.38.0-dev, including documentation updates, package version updates, and Helm chart version updates, without introducing any obvious security vulnerabilities, but it is crucial to review the release notes and change logs to understand the nature of the changes and any potential security-related improvements or fixes.


Summary:

The provided code changes are primarily focused on updating the DefectDojo application to a new version, 2.38.0-dev. The changes include documentation updates, package version updates, and Helm chart version updates. From an application security perspective, these changes do not introduce any obvious security vulnerabilities.

However, it is important to review the release notes and change logs for the new versions of DefectDojo and the associated Helm chart to understand the nature of the changes and any potential security-related improvements or fixes. Additionally, the Celery integration and the use of global variables in the code should be reviewed to ensure they are properly configured and secured.

Overall, these code changes appear to be routine version updates, but it is crucial to maintain vigilance and review any changes to the application's codebase and dependencies from a security perspective to ensure the ongoing security and integrity of the DefectDojo application.

Files Changed:

  1. docs/content/en/getting_started/upgrading/2.38.md: This file contains documentation updates related to upgrading to DefectDojo version 2.38.x. The changes are informational in nature and do not introduce any new functionality or code changes that could potentially impact the security of the application.

  2. components/package.json: This file updates the version of the defectdojo package from 2.37.0-dev to 2.38.0-dev, indicating a new version release. It is important to review the changes in the dependencies to ensure that there are no known security vulnerabilities in the updated versions.

  3. helm/defectdojo/Chart.yaml: This file updates the appVersion and version of the Helm chart for the DefectDojo application, indicating a new version release. It is recommended to review the release notes or change logs for the new versions to understand any potential security implications.

  4. dojo/__init__.py: This file updates the version number from "2.37.0-dev" to "2.38.0-dev". While the version update itself does not directly impact security, it is important to ensure that the new version is thoroughly tested for security vulnerabilities before deployment. Additionally, the Celery integration and the use of global variables in the code should be reviewed to ensure they are properly configured and secured.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Sensitive Files Analyzer (1 finding)

Riskiness

🟢 Risk threshold not exceeded.


@Maffooch Maffooch merged commit 7fb2ce4 into dev Aug 5, 2024
9 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.37.0-2.38.0-dev branch August 5, 2024 16:33