Merge branch 'dev' into bugfix

Author: Maffooch

.github/workflows/k8s-tests.yml

@@ -35,7 +35,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.11.0
+        uses: manusa/actions-setup-minikube@v2.12.0
         with:
           minikube version: 'v1.33.1'
           kubernetes version: ${{ matrix.k8s }}

.github/workflows/rest-framework-tests.yml

@@ -34,8 +34,8 @@ jobs:
         run: docker/setEnv.sh unit_tests_cicd
 
       # phased startup so we can use the exit code from unit test container
-      - name: Start Postgres
-        run: docker compose up -d postgres
+      - name: Start Postgres and webhook.endpoint
+        run: docker compose up -d postgres webhook.endpoint
 
       # no celery or initializer needed for unit tests
       - name: Unit tests

components/package.json

@@ -26,7 +26,7 @@
     "google-code-prettify": "^1.0.0",
     "jquery": "^3.7.1",
     "jquery-highlight": "3.5.0",
-    "jquery-ui": "1.13.3",
+    "jquery-ui": "1.14.0",
     "jquery.cookie": "1.4.1",
     "jquery.flot.tooltip": "^0.9.0",
     "jquery.hotkeys": "jeresig/jquery.hotkeys#master",
@@ -35,7 +35,7 @@
     "metismenu": "~3.0.7",
     "moment": "^2.30.1",
     "morris.js": "morrisjs/morris.js",
-    "pdfmake": "^0.2.12",
+    "pdfmake": "^0.2.13",
     "startbootstrap-sb-admin-2": "1.0.7"
   },
   "engines": {

components/yarn.lock

@@ -678,12 +678,12 @@ jquery-highlight@3.5.0:
   dependencies:
     jquery ">= 1.0.0"
 
-jquery-ui@1.13.3:
-  version "1.13.3"
-  resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.13.3.tgz#d9f5292b2857fa1f2fdbbe8f2e66081664eb9bc5"
-  integrity sha512-D2YJfswSJRh/B8M/zCowDpNFfwsDmtfnMPwjJTyvl+CBqzpYwQ+gFYIbUUlzijy/Qvoy30H1YhoSui4MNYpRwA==
+jquery-ui@1.14.0:
+  version "1.14.0"
+  resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.14.0.tgz#b75d417826f0bab38125f907356d2e3313a9c6d5"
+  integrity sha512-mPfYKBoRCf0MzaT2cyW5i3IuZ7PfTITaasO5OFLAQxrHuI+ZxruPa+4/K1OMNT8oElLWGtIxc9aRbyw20BKr8g==
   dependencies:
-    jquery ">=1.8.0 <4.0.0"
+    jquery ">=1.12.0 <5.0.0"
 
 jquery.cookie@1.4.1:
   version "1.4.1"
@@ -699,7 +699,7 @@ jquery.hotkeys@jeresig/jquery.hotkeys#master:
   version "0.2.0"
   resolved "https://codeload.github.com/jeresig/jquery.hotkeys/tar.gz/f24f1da275aab7881ab501055c256add6f690de4"
 
-"jquery@>= 1.0.0", jquery@>=1.7, jquery@>=1.7.0, "jquery@>=1.8.0 <4.0.0", jquery@^3.7.1:
+"jquery@>= 1.0.0", "jquery@>=1.12.0 <5.0.0", jquery@>=1.7, jquery@>=1.7.0, jquery@^3.7.1:
   version "3.7.1"
   resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.7.1.tgz#083ef98927c9a6a74d05a6af02806566d16274de"
   integrity sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg==
@@ -824,10 +824,10 @@ path-parse@^1.0.7:
   resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
   integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
 
-pdfmake@^0.2.12:
-  version "0.2.12"
-  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.12.tgz#5156f91ff73797947942aa342423bedaa0c0bc93"
-  integrity sha512-TFsqaG6KVtk+TWermmJNNwom3wmB/xiz07prM74KBhdM+7pz3Uwq2b0uoqhhQRn6cYUTpL8lXZY6xF011o1YcQ==
+pdfmake@^0.2.13:
+  version "0.2.13"
+  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.13.tgz#ea43fe9f0c8de1e5ec7b08486d6f4f8bbb8619e4"
+  integrity sha512-qeVE9Bzjm0oPCitH4/HYM/XCGTwoeOAOVAXPnV3s0kpPvTLkTF/bAF4jzorjkaIhXGQhzYk6Xclt0hMDYLY93w==
   dependencies:
     "@foliojs-fork/linebreak" "^1.1.1"
     "@foliojs-fork/pdfkit" "^0.14.0"

docker-compose.override.dev.yml

@@ -53,3 +53,5 @@ services:
         published: 8025
         protocol: tcp
         mode: host
+  "webhook.endpoint":
+    image: mccutchen/go-httpbin:v2.15.0@sha256:24528cf5229d0b70065ac27e6c9e4d96f5452a84a3ce4433e56573c18d96827a

docker-compose.override.unit_tests.yml

@@ -1,7 +1,7 @@
 ---
 services:
   nginx:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'nginx']
     volumes:
       - defectdojo_media_unit_tests:/usr/share/nginx/html/media
@@ -30,13 +30,13 @@ services:
       DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite'
       DD_CELERY_BROKER_PARAMS: ''
   celerybeat:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery beat']
   celeryworker:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery worker']
   initializer:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'initializer']
   postgres:
     ports:
@@ -49,8 +49,10 @@ services:
     volumes:
       - defectdojo_postgres_unit_tests:/var/lib/postgresql/data
   redis:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'redis']
+  "webhook.endpoint":
+    image: mccutchen/go-httpbin:v2.15.0@sha256:24528cf5229d0b70065ac27e6c9e4d96f5452a84a3ce4433e56573c18d96827a
 volumes:
   defectdojo_postgres_unit_tests: {}
   defectdojo_media_unit_tests: {}

docker-compose.override.unit_tests_cicd.yml

@@ -1,7 +1,7 @@
 ---
 services:
   nginx:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'nginx']
     volumes:
       - defectdojo_media_unit_tests:/usr/share/nginx/html/media
@@ -29,13 +29,13 @@ services:
       DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite'
       DD_CELERY_BROKER_PARAMS: ''
   celerybeat:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery beat']
   celeryworker:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery worker']
   initializer:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'initializer']
   postgres:
     ports:
@@ -48,8 +48,10 @@ services:
     volumes:
       - defectdojo_postgres_unit_tests:/var/lib/postgresql/data
   redis:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'redis']
+  "webhook.endpoint":
+    image: mccutchen/go-httpbin:v2.15.0@sha256:24528cf5229d0b70065ac27e6c9e4d96f5452a84a3ce4433e56573c18d96827a
 volumes:
   defectdojo_postgres_unit_tests: {}
   defectdojo_media_unit_tests: {}

docker-compose.yml

@@ -103,15 +103,15 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   postgres:
-    image: postgres:16.4-alpine@sha256:492898505cb45f9835acc327e98711eaa9298ed804e0bb36f29e08394229550d
+    image: postgres:17.0-alpine@sha256:14195b0729fce792f47ae3c3704d6fd04305826d57af3b01d5b4d004667df174
     environment:
       POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
       POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}
       POSTGRES_PASSWORD: ${DD_DATABASE_PASSWORD:-defectdojo}
     volumes:
       - defectdojo_postgres:/var/lib/postgresql/data
   redis:
-    image: redis:7.2.5-alpine@sha256:0bc09d9f486508aa42ecc2f18012bb1e3a1b2744ef3a6ad30942fa12579f0b03
+    image: redis:7.2.5-alpine@sha256:6aaf3f5e6bc8a592fbfe2cccf19eb36d27c39d12dab4f4b01556b7449e7b1f44
     volumes:
       - defectdojo_redis:/data
 volumes:

docker/install_chrome_dependencies.py

@@ -10,43 +10,47 @@
 
 
 def find_packages(library_name):
-    stdout = run_command(["apt-file", "search", library_name])
+    stdout, stderr, status_code = run_command(["apt-file", "search", library_name])
+    # Check if ldd has failed for a good reason, or if there are no results
+    if status_code != 0:
+        # Any other case should be be caught
+        msg = f"apt-file search (exit code {status_code}): {stderr}"
+        raise ValueError(msg)
+
     if not stdout.strip():
         return []
     libs = [line.split(":")[0] for line in stdout.strip().split("\n")]
     return list(set(libs))
 
 
 def run_command(cmd, cwd=None, env=None):
+    # Do not raise exception here because some commands are too loose with negative exit codes
     result = subprocess.run(cmd, cwd=cwd, env=env, capture_output=True, text=True, check=False)
-    return result.stdout
+    return result.stdout.strip(), result.stderr.strip(), result.returncode
 
 
 def ldd(file_path):
-    stdout = run_command(["ldd", file_path])
-    # For simplicity, I'm assuming if we get an error, the code is non-zero.
-    try:
-        result = subprocess.run(
-            ["ldd", file_path], capture_output=True, text=True, check=False,
-        )
-        stdout = result.stdout
-        code = result.returncode
-    except subprocess.CalledProcessError:
-        stdout = ""
-        code = 1
-    return stdout, code
+    stdout, stderr, status_code = run_command(["ldd", file_path])
+    # Check if ldd has failed for a good reason, or if there are no results
+    if status_code != 0:
+        # It is often the case when stdout will be empty. This is not an error
+        if not stdout:
+            return stdout, status_code
+        # Any other case should be be caught
+        msg = f"ldd (exit code {status_code}): {stderr}"
+        raise ValueError(msg)
+
+    return stdout, status_code
 
 
 raw_deps = ldd("/opt/chrome/chrome")
 dependencies = raw_deps[0].splitlines()
-
 missing_deps = {
     r[0].strip()
     for d in dependencies
     for r in [d.split("=>")]
     if len(r) == 2 and r[1].strip() == "not found"
 }
-
 missing_packages = []
 for d in missing_deps:
     all_packages = find_packages(d)
@@ -59,5 +63,4 @@ def ldd(file_path):
     ]
     for p in packages:
         missing_packages.append(p)
-
 logger.info("missing_packages: " + (" ".join(missing_packages)))

docs/content/en/getting_started/upgrading/2.39.md

@@ -0,0 +1,7 @@
+---
+title: 'Upgrading to DefectDojo Version 2.39.x'
+toc_hide: true
+weight: -20240903
+description: No special instructions.
+---
+There are no special instructions for upgrading to 2.39.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.39.0) for the contents of the release.