feat(django): Upgrade to 5.0 #10409
base: dev
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note: 🟢 Risk threshold not exceeded.
Change Summary
The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.
Summary: The code changes in this pull request primarily focus on updating the dependencies and configurations for the DefectDojo application. The key changes include:
Files Changed:
Powered by DryRun Security
63d67e4 to 505e404
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
DryRun Security Summary
The pull request focuses on maintaining a secure and up-to-date set of dependencies for the DefectDojo project, including upgrading Django, removing outdated libraries, updating configuration file hashes, and addressing Django 6.0 warnings, all aimed at improving the security and stability of the application.
Summary: The code changes in this pull request are focused on maintaining a secure and up-to-date set of dependencies for the DefectDojo project. The key changes include:
Overall, these changes appear to be focused on improving the security and stability of the DefectDojo application as it prepares for future versions of Django.
Files Changed:
Code Analysis
We ran
Riskiness
🟢 Risk threshold not exceeded.
9d0ec1e to c3d3579
@@ -24,7 +22,7 @@ django-slack==5.19.0 | |||
git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging | |||
django-watson==1.6.3 | |||
django-prometheus==2.3.1 | |||
Django==4.2.14 | |||
Django==5.0.7 |
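Review bot: the Django pin at the end of this hunk crosses a major version (4.2.14 to 5.0.7) while the neighbouring pins shown as context (django-slack==5.19.0, django-watson==1.6.3, django-prometheus==2.3.1) are left untouched; please state in the PR that each of these was checked against Django 5.0, or bump them in the same change. The django-tagging line installs from the `develop` branch rather than a fixed commit, so the code that ends up running alongside the new Django is not determined by this file; pinning it to a commit hash would make the upgrade reproducible and easier to roll back.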
Hold on merging this until after the 2.37.0 (August) minor release
So, nothing really to do here - just a note to my future self.
We released 4.2 so we can start migration to 5.0
Needs to be considered: https://docs.djangoproject.com/en/5.0/releases/5.0
Needs to be fixed (to be able to upgrade)
Post upgrade improvements (new useful features):