
Downgrade uwsgi to 2.0.26 #11033

Merged: 1 commit merged Oct 11, 2024

Conversation

Maffooch (Contributor) commented Oct 9, 2024

Hot reloading appears to be broken in 2.0.27. The linked GitHub issue is the same behavior that I am seeing

unbit/uwsgi#2681

Maffooch added the bugfix label Oct 9, 2024

dryrunsecurity bot commented Oct 9, 2024

DryRun Security Summary


Summary:

The provided code changes in the requirements.txt file indicate a minor version update to the uWSGI library, from 2.0.27 to 2.0.26. This type of version change typically includes bug fixes and minor improvements, but no major feature changes. From an application security perspective, this change does not appear to be directly related to any known security vulnerabilities. However, it's always a good practice to review the release notes or change logs of any updated dependencies to ensure there are no security-related fixes included in the new version.

Additionally, the requirements.txt file contains a comprehensive list of dependencies used by the DefectDojo application, which is an open-source web application for managing software defects. It's important to regularly review all dependencies for any known security vulnerabilities, as outdated or vulnerable dependencies can introduce security risks to the application. Overall, this code change appears to be a routine update to the application's dependencies, and there are no immediate security concerns that stand out. However, it's recommended to thoroughly review the entire requirements.txt file and ensure all dependencies are up-to-date and secure.

Files Changed:

  • requirements.txt: This file contains the list of dependencies used by the DefectDojo application. The changes in this PR update the version of the uWSGI library from 2.0.27 to 2.0.26, which is a minor version change that typically includes bug fixes and minor improvements, but no major feature changes.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.


mtesauro (Contributor) reviewed: Approved

mtesauro (Contributor) commented Oct 9, 2024

@Maffooch Does it make sense to update this as part of this PR or just keep an eye on dependabot PRs for uwsgi?

Maffooch (Contributor, Author) commented Oct 9, 2024

Just need to keep an eye on it. This breakage was not in their notes or anything. Seems like it was more of a surprise. I wouldn't want to "blacklist" this over a bug in an upgrade that only hurts dev environments
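The thread above settles on pinning 2.0.26 and watching future uwsgi releases rather than blacklisting the package. The following is an added example, not DefectDojo's or uWSGI's code, of the kind of pre-merge check that makes that policy concrete: it parses exact `pkg==version` pins from a requirements file, classifies a pin change as an upgrade or a downgrade (the DryRun summary above calls this downgrade an "update"), and flags only versions listed on a per-version known-broken list so that later releases are not blocked. The `KNOWN_BROKEN` map, the `BEFORE`/`AFTER` sample files and the simple numeric version comparison are all assumptions constructed for the example.

```python
"""Added example (not DefectDojo's or uWSGI's code): a small pre-merge check for
requirements.txt pins. The avoid-list and the sample files are constructed."""
import re
from typing import Dict, List, Tuple

# Matches `name==1.2.3`, optionally followed by a comment. Other specifiers
# (>=, ~=, extras, URLs) are deliberately ignored: this check is about exact pins.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)\s*(?:#.*)?$")


def normalize(name: str) -> str:
    """Canonical package name (PEP 503 style: case-insensitive, `_`/`.`/`-` equivalent)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text: str) -> Dict[str, str]:
    """Return {normalized_name: version} for every exact pin in a requirements file."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key for dotted versions; a non-numeric suffix such as `rc1`
    is dropped. Assumed adequate for the simple pins this check targets."""
    key = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        key.append(int(m.group()) if m else 0)
    return tuple(key)


def classify_change(old: str, new: str) -> str:
    """'upgrade', 'downgrade' or 'unchanged' for a pin moving from old to new."""
    ko, kn = version_key(old), version_key(new)
    if kn > ko:
        return "upgrade"
    if kn < ko:
        return "downgrade"
    return "unchanged"


def diff_pins(before: str, after: str) -> List[Tuple[str, str, str, str]]:
    """List (package, old_version, new_version, kind) for every pin that changed."""
    old, new = parse_pins(before), parse_pins(after)
    changes = []
    for pkg in sorted(set(old) | set(new)):
        if old.get(pkg) != new.get(pkg):
            o, n = old.get(pkg, ""), new.get(pkg, "")
            kind = classify_change(o, n) if o and n else ("added" if n else "removed")
            changes.append((pkg, o, n, kind))
    return changes


# Constructed avoid-list: exact versions a team has found broken, with the reason.
# It is keyed per version, not per package, so later releases are not blocked.
KNOWN_BROKEN = {
    "uwsgi": {"2.0.27": "hot reloading broken in dev (unbit/uwsgi#2681)"},
}


def check_pins(pins: Dict[str, str], avoid=KNOWN_BROKEN) -> List[str]:
    """Warnings for any pin that lands on a known-broken version."""
    warnings = []
    for pkg, ver in sorted(pins.items()):
        reason = avoid.get(pkg, {}).get(ver)
        if reason:
            warnings.append(f"{pkg}=={ver}: {reason}")
    return warnings


# Constructed sample files mirroring this PR's change (not the real requirements.txt).
BEFORE = "Django==4.2\nuWSGI==2.0.27\n"
AFTER = "Django==4.2\nuWSGI==2.0.26  # 2.0.27 breaks hot reload\n"

if __name__ == "__main__":
    for pkg, o, n, kind in diff_pins(BEFORE, AFTER):
        print(f"{pkg}: {o} -> {n} ({kind})")   # uwsgi: 2.0.27 -> 2.0.26 (downgrade)
    print(check_pins(parse_pins(BEFORE)))       # one warning for uwsgi==2.0.27
    print(check_pins(parse_pins(AFTER)))        # []
```

Run as a CI step against the merge base and the PR head, the downgrade is reported explicitly and the only thing that fails is a pin on a version someone has actually recorded as broken; a later 2.0.28 pin from dependabot would pass unless it is added to the list.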

Maffooch merged commit 5985567 into bugfix Oct 11, 2024
74 checks passed
Maffooch deleted the Maffooch-patch-1 branch October 11, 2024 15:02
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024