fix(multiselectfield): Use original repo

[kiblik]

https://github.com/goinnn/django-multiselectfield looks like alive again (goinnn/django-multiselectfield#141) with more fixes (including Django 5 support - needed for #10409) than https://github.com/DefectDojo/django-multiselectfield.

django-multiselectfield in version 0.1.13 was released and it is pinned in requirements.txt now

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
Sensitive Files Analyzer	❕	1 finding
SQL Injection Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code change is an update to the requirements.txt file for the DefectDojo project, which is an open-source application security management tool. The key changes include updating the outdated django-multiselectfield library to the latest version and pulling the django-tagging library directly from the project's GitHub repository, likely to use a custom version or a version that is not yet publicly released.

From a security perspective, the update to django-multiselectfield is a positive step, as keeping dependencies up-to-date is crucial for maintaining the security of the application. However, the use of a custom version of the django-tagging library may introduce potential security risks if the changes are not thoroughly reviewed and validated. Additionally, the comment about the django-tagging library being "very outdated" suggests that there may be other outdated dependencies in the project, which should be regularly reviewed and updated to address known security vulnerabilities. It's important to ensure that all dependencies in the requirements.txt file are necessary and secure, as this file is an essential part of the application's configuration.

Files Changed:

• requirements.txt: This file has been updated to include the following changes:
  1. The outdated django-multiselectfield library has been updated from the GitHub repository to the latest version 0.1.13.
  2. The django-tagging library is being pulled directly from the develop branch of the DefectDojo GitHub repository, likely to use a custom version or a version that is not yet publicly released.

Powered by DryRun Security

[Maffooch]

If we move away from the fork, I would prefer we wait for a pinned release. It looks like it should be happening any day now!
goinnn/django-multiselectfield@d78d652

[kiblik]

If we move away from the fork, I would prefer we wait for a pinned release. It looks like it should be happening any day now! goinnn/django-multiselectfield@d78d652

Sorry for not updating the description. I already used the pinned version.

[Maffooch]

I should have looked at the diff again before commenting that 😅

[kiblik]

There is missing git tag and release but it was already published to pip server: https://pypi.org/project/django-multiselectfield/#history