Merge remote-tracking branch 'upstream/dev' into feature/celery-queue-status-ui

Author: valentijnscholten

.gitattributes

@@ -0,0 +1,14 @@
+# Normalize line endings to LF
+*.sh     text eol=lf
+*.expect text eol=lf
+*.py     text eol=lf
+*.yml    text eol=lf
+*.yaml   text eol=lf
+*.md     text eol=lf
+
+# Binary files — never touch line endings
+*.png    binary
+*.jpg    binary
+*.gif    binary
+*.ico    binary
+*.pdf    binary

.github/dependabot.yml

@@ -3,7 +3,9 @@ updates:
 - package-ecosystem: pip
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
+    day: wednesday
+    time: "08:00"
   open-pull-requests-limit: 10
   target-branch: dev
   ignore:
@@ -16,7 +18,9 @@ updates:
 - package-ecosystem: npm
   directory: "/components"
   schedule:
-    interval: daily
+    interval: weekly
+    day: wednesday
+    time: "08:00"
   open-pull-requests-limit: 10
   target-branch: dev
   ignore:

.github/pull_request_template.md

@@ -25,7 +25,7 @@ This checklist is for your information.
 - [ ] Features/Changes should be submitted against the `dev`.
 - [ ] Bugfixes should be submitted against the `bugfix` branch.
 - [ ] Give a meaningful name to your PR, as it may end up being used in the release notes.
-- [ ] Your code is flake8 compliant.
+- [ ] Your code is Ruff compliant (see [ruff.toml](../ruff.toml)).
 - [ ] Your code is python 3.13 compliant.
 - [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
 - [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.

.github/renovate.json

@@ -1,7 +1,9 @@
 {
   "extends": [
-    "config:recommended"
+    "config:recommended",
+    "schedule:weekly"
   ],
+  "schedule": ["* * * * 3"],
   "dependencyDashboard": true,
   "dependencyDashboardApproval": false,
   "baseBranchPatterns": ["dev"],
@@ -16,7 +18,7 @@
     "dojo/components/yarn.lock",
     "dojo/components/package.json"
   ],
-  "ignoreDeps": [],
+  "ignoreDeps": ["gohugoio/hugo"],
   "packageRules": [{
     "matchPackageNames": ["*"],
     "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",

.github/workflows/build-docker-images-for-testing.yml

@@ -49,11 +49,11 @@ jobs:
         run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
         timeout-minutes: 15
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
@@ -67,7 +67,7 @@ jobs:
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 15
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}
           path: ${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}_img

.github/workflows/cancel-outdated-workflow-runs.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - uses: styfle/cancel-workflow-action@3155a141048f8f89c06b4cdae32e7853e97536bc # 0.13.0
+      - uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1
         with:
-          workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml'
+          workflow_id: 'integration-tests.yml,k8s-tests.yml,unit-tests.yml,validate_docs_build.yml,test-helm-chart.yml,ruff.yml,shellcheck.yml'
           access_token: ${{ github.token }}

.github/workflows/close-stale.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Close issues and PRs that are pending closure
-        uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
         with:
           # Disable automatic stale marking - only close manually labeled items
           days-before-stale: -1
@@ -27,7 +27,7 @@ jobs:
           close-pr-message: 'This PR has been automatically closed because it was manually labeled as stale. If you believe this was closed in error, please reopen it and remove the stale label.'
 
       - name: Close stale issues and PRs
-        uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
         with:
           # Disable automatic stale marking - only close manually labeled items
           days-before-stale: -1

.github/workflows/fetch-oas.yml

@@ -55,7 +55,7 @@ jobs:
         run: docker compose down
 
       - name: Upload oas.${{ matrix.file-type }} as artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: oas-${{ matrix.file-type }}
           path: oas.${{ matrix.file-type }}

.github/workflows/gh-pages.yml

@@ -18,16 +18,16 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
         with:
-          hugo-version: '0.153.4' # renovate: datasource=github-releases depName=gohugoio/hugo
+          hugo-version: '0.153.4'
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
-          node-version: '24.13.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
+          node-version: '24.14.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
 
       - name: Cache dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -42,7 +42,7 @@ jobs:
 
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
 
       - name: Install dependencies
         run: cd docs && npm ci

.github/workflows/integration-tests.yml

@@ -11,36 +11,70 @@ jobs:
     strategy:
       matrix:
         test-case: [
-          "tests/finding_test.py",
-          "tests/report_builder_test.py",
-          "tests/notes_test.py",
-          "tests/regulations_test.py",
-          "tests/product_type_test.py",
-          "tests/product_test.py",
+          "openapi-validatator",
+          "tests/action_history_test.py",
+          "tests/alerts_test.py",
+          "tests/announcement_banner_test.py",
+          "tests/banner_test.py",
+          "tests/base_test_class.py",
+          "tests/benchmark_test.py",
+          "tests/calendar_test.py",
+          "tests/check_various_pages.py",
+          "tests/close_old_findings_dedupe_test.py",
+          "tests/close_old_findings_test.py",
+          "tests/credential_test.py",
+          "tests/dashboard_test.py",
+          "tests/dedupe_test.py",
+          "tests/endpoint_extended_test.py",
           "tests/endpoint_test.py",
+          "tests/engagement_checklist_test.py",
+          "tests/engagement_export_test.py",
+          "tests/engagement_extended_test.py",
+          "tests/engagement_presets_test.py",
           "tests/engagement_test.py",
           "tests/environment_test.py",
-          "tests/test_test.py",
-          "tests/user_test.py",
+          "tests/false_positive_history_test.py",
+          "tests/file_test.py",
+          "tests/finding_extended_test.py",
+          "tests/finding_group_test.py",
+          "tests/finding_test.py",
           "tests/group_test.py",
+          "tests/login_test.py",
+          "tests/metrics_extended_test.py",
+          "tests/note_type_test.py",
+          "tests/notes_test.py",
+          "tests/notification_webhook_test.py",
+          "tests/notifications_test.py",
+          "tests/object_test.py",
+          "tests/product_credential_test.py",
           "tests/product_group_test.py",
-          "tests/product_type_group_test.py",
           "tests/product_member_test.py",
+          "tests/product_metadata_test.py",
+          "tests/product_tag_metrics_test.py",
+          "tests/product_test.py",
+          "tests/product_type_group_test.py",
           "tests/product_type_member_test.py",
-          "tests/ibm_appscan_test.py",
+          "tests/product_type_test.py",
+          "tests/questionnaire_advanced_test.py",
+          "tests/questionnaire_test.py",
+          "tests/regulations_test.py",
+          "tests/reimport_scan_test.py",
+          "tests/report_builder_test.py",
+          "tests/risk_acceptance_test.py",
           "tests/search_test.py",
-          "tests/file_test.py",
-          "tests/dedupe_test.py",
-          "tests/announcement_banner_test.py",
-          "tests/close_old_findings_dedupe_test.py",
-          "tests/close_old_findings_test.py",
-          "tests/false_positive_history_test.py",
-          "tests/check_various_pages.py",
+          "tests/sla_configuration_test.py",
+          "tests/system_settings_test.py",
+          "tests/test_copy_test.py",
+          "tests/test_test.py",
+          "tests/test_type_test.py",
+          "tests/threat_model_test.py",
+          "tests/tool_config.py",
+          "tests/tool_product_test.py",
+          "tests/tool_type_test.py",
+          "tests/user_profile_test.py",
+          "tests/user_test.py",
           # "tests/import_scanner_test.py",
           # "tests/zap.py",
-          "tests/notifications_test.py",
-          "tests/tool_config.py",
-          "openapi-validatator",
         ]
         os: [alpine, debian]
         v3_feature_locations: [true, false]
@@ -58,7 +92,7 @@ jobs:
 
       # load docker images from build jobs
       - name: Load images from artifacts
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*