Merge branch 'dev' into merge_mobsf

Author: manuel-sommer

.github/workflows/gh-pages.yml

@@ -19,7 +19,7 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: '22.20.0'
 

.github/workflows/k8s-tests.yml

@@ -14,9 +14,11 @@ jobs:
       matrix:
         include:
           # databases, broker and k8s are independent, so we don't need to test each combination
-          # lastest k8s version (https://kubernetes.io/releases/) and oldest supported version from aws
-          # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
-          - k8s: 'v1.34.0'
+          # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version
+          # are tested (https://kubernetes.io/releases/)
+          - k8s: 'v1.34.1'
+            os: debian
+          - k8s: 'v1.31.13'
             os: debian
     steps:
       - name: Checkout

.github/workflows/release-1-create-pr.yml

@@ -98,7 +98,7 @@ jobs:
           chart-search-root: "helm/defectdojo"
 
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+        uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"

.github/workflows/release-3-master-into-dev.yml

@@ -86,7 +86,7 @@ jobs:
           chart-search-root: "helm/defectdojo"
 
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+        uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"
@@ -162,7 +162,7 @@ jobs:
           chart-search-root: "helm/defectdojo"
 
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+        uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"

.github/workflows/release-x-manual-helm-chart.yml

@@ -70,7 +70,7 @@ jobs:
              helm dependency update ./helm/defectdojo
 
       - name: Add yq
-        uses: mikefarah/yq@6251e95af8df3505def48c71f3119836701495d6 # v4.47.2
+        uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1
 
       - name: Pin version docker version
         id: pin_image
@@ -87,7 +87,7 @@ jobs:
           echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV
 
       - name: Create release ${{ inputs.release_number }}
-        uses: softprops/action-gh-release@aec2ec56f94eb8180ceec724245f64ef008b89f5 # v2.4.0
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           name: '${{ inputs.release_number }} 🌈'
           tag_name: ${{ inputs.release_number }}

.github/workflows/test-helm-chart.yml

@@ -129,7 +129,7 @@ jobs:
       # If this step fails, install https://github.com/losisin/helm-values-schema-json and run locally `helm schema --use-helm-docs` in `helm/defectdojo` before committing your changes.
       # The helm schema will be generated for you.
       - name: Generate values schema json
-        uses: losisin/helm-values-schema-json-action@d5847286fa04322702c4f8d45031974798c83ac7 # v2.3.0
+        uses: losisin/helm-values-schema-json-action@660c441a4a507436a294fc55227e1df54aca5407 # v2.3.1
         with:
           fail-on-diff: true
           working-directory: "helm/defectdojo"

.github/workflows/validate_docs_build.yml

@@ -16,7 +16,7 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: '22.20.0'
 

Dockerfile.nginx-alpine

@@ -63,7 +63,7 @@ COPY dojo/ ./dojo/
 # always collect static for debug toolbar as we can't make it dependant on env variables or build arguments without breaking docker layer caching
 RUN env DD_SECRET_KEY='.' DD_DJANGO_DEBUG_TOOLBAR_ENABLED=True python3 manage.py collectstatic --noinput --verbosity=2 && true
 
-FROM nginx:1.29.1-alpine3.22@sha256:42a516af16b852e33b7682d5ef8acbd5d13fe08fecadc7ed98605ba5e3b26ab8
+FROM nginx:1.29.2-alpine3.22@sha256:61e01287e546aac28a3f56839c136b31f590273f3b41187a36f46f6a03bbfe22
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

docker-compose.yml

@@ -129,7 +129,7 @@ services:
       - defectdojo_postgres:/var/lib/postgresql/data
   redis:
     # Pinning to this version due to licensing constraints
-    image: redis:7.2.11-alpine@sha256:cd3e4dbac9604660d08efac21b27daa2ae91dde1e19203b49ec8567050ba093f
+    image: redis:7.2.11-alpine@sha256:1a34bdba051ecd8a58ec8a3cc460acef697a1605e918149cc53d920673c1a0a7
     volumes:
       - defectdojo_redis:/data
 volumes:

helm/defectdojo/Chart.yaml

@@ -22,3 +22,5 @@ annotations:
   artifacthub.io/changes: |
     - kind: changed
       description: DRY cloudsql-proxy
+    - kind: added
+      description: Testing on the oldest officially supported k8s