Release: Merge release into master from: release/2.52.1#13664
Merged
….53.0-dev Release: Merge back 2.52.0 into bugfix from: master-into-bugfix/2.52.0-2.53.0-dev
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* update package & package-lock
* rename directories for hugo 0.152.1
* update other stuff
* replace favicons
* update faq
* move the files into new index
* fix links
* add sidebar nav to new index
* Update test_parsers.py docs path
* update node_modules path
* revert breaking commit
* update test_parsers.py

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Bumps [django](https://github.com/django/django) from 5.1.13 to 5.1.14. - [Commits](django/django@5.1.13...5.1.14) --- updated-dependencies: - dependency-name: django dependency-version: 5.1.14 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…sk handlers (#13630)

* Add custom SLA calculation method to Finding model
* Refactor SLA expiration date update methods for async processing and improve system settings checks
* Update async SLA expiration date update to filter by product ID
* Update helpers.py

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

---------

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
…r additional tags
* fix(helm): Typo in description of digests

  Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* fix(helm): Fix PVC templating after #13210

  Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>

---------

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* 🎉 Make social auth exceptions configurable
* update
* fix
* update
* update
[docs] SLAs for Pro
Improve tag handling in importers and add tests for tag imports
This pull request changes Renovate's update cadence to weekly, which increases the window of exposure to any vulnerabilities in the dependency-management tool itself and could raise the risk of a supply-chain compromise until the next scheduled update. While not flagged as blocking, the change may warrant reconsideration or compensating controls to reduce the longer exposure period.
Delayed Security Updates for Renovate Bot in
| Vulnerability | Delayed Security Updates for Renovate Bot |
|---|---|
| Description | The proposed change delays updates for the Renovate bot to a weekly schedule. Renovate is a critical dependency management tool within the software supply chain. Delaying updates for such a tool increases the window of exposure to potential vulnerabilities in Renovate itself. If a vulnerability is discovered in Renovate, the project would remain exposed until the next scheduled update, which could be up to a week, increasing the risk of a supply chain attack where malicious dependencies could be introduced or existing ones compromised. |
django-DefectDojo/.github/renovate.json
Lines 29 to 32 in f4d4c41
All finding details can be found in the DryRun Security Dashboard.
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026
Release: Merge release into master from: release/2.52.1
Release triggered by rossops