From 5873885edc12dcbee7714f3945af7efc47e05b75 Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Fri, 19 Apr 2024 21:53:06 +0200
Subject: [PATCH 1/7] Cancel workflow runs for in progress PRs
---
 .github/workflows/push.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 713eb70..26828fa 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -10,6 +10,10 @@ on:
 branches-ignore:
 - release
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
 jobs:
 lint:
 runs-on: ubuntu-latest
From e024427428be7c128085ba34f05bcc11ffa1116f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 22 Apr 2024 19:13:28 +0000
Subject: [PATCH 2/7] Update dependency dulwich to v0.22.0
---
 requirements-container.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-container.txt b/requirements-container.txt
index 3932065..b8c940f 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
@@ -1,6 +1,6 @@
 django-auth-ldap==4.8.0
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.2
-dulwich==0.21.7
+dulwich==0.22.0
 psycopg[c,pool]==3.1.18
 python3-saml==1.16.0 --no-binary lxml
 sentry-sdk==1.45.0
From 347b943b759982834b4fa331f95b12e4419613f0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 13:58:41 +0000
Subject: [PATCH 3/7] Update dependency dulwich to v0.22.1
---
 requirements-container.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-container.txt b/requirements-container.txt
index b8c940f..7e623ce 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
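Review bot: The `concurrency` group added to .github/workflows/push.yml (PATCH 1/7) falls back to `github.ref` when there is no pull-request number, so with `cancel-in-progress: true` a new push to a long-lived branch also cancels the run still in progress for the previous commit there, not only superseded PR runs as the subject describes. If every branch commit should finish its run, limit cancellation with `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The workflow's trigger list is only partly visible in the hunk, so this assumes the workflow also runs on plain pushes.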
@@ -1,6 +1,6 @@
 django-auth-ldap==4.8.0
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.2
-dulwich==0.22.0
+dulwich==0.22.1
 psycopg[c,pool]==3.1.18
 python3-saml==1.16.0 --no-binary lxml
 sentry-sdk==1.45.0
From e1335a1194ff92ce9e628c2e8a35852739d59df3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Ma=CC=88der?=
Date: Tue, 23 Apr 2024 16:40:40 +0200
Subject: [PATCH 4/7] Adds SECURE_* parameters introduced in 3.7.6 See https://github.com/netbox-community/netbox/issues/15644
---
 configuration/configuration.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/configuration/configuration.py b/configuration/configuration.py
index 8568071..5efbdc0 100644
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -312,6 +312,23 @@ CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST
 # The name to use for the session cookie.
 SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid')
+# If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header.
+# This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
+SECURE_HSTS_INCLUDE_SUBDOMAINS = _environ_get_and_map('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'False', _AS_BOOL)
+
+# If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header.
+# This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the
+# site to be accessed via HTTPS even if the user types HTTP in the address bar.
+SECURE_HSTS_PRELOAD = _environ_get_and_map('SECURE_HSTS_PRELOAD', 'False', _AS_BOOL)
+
+# If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all
+# responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS,
+# blocking any HTTP request.
+SECURE_HSTS_SECONDS = _environ_get_and_map('SECURE_HSTS_SECONDS', 0, _AS_INT)
+
+# If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
+SECURE_SSL_REDIRECT = _environ_get_and_map('SECURE_SSL_REDIRECT', 'False', _AS_BOOL)
+
 # By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
 # local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
 # database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
From b7d99c9c69a90aa595c885b846c566fd1780e9d5 Mon Sep 17 00:00:00 2001
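Review bot: The comments on `SECURE_HSTS_INCLUDE_SUBDOMAINS` and `SECURE_HSTS_PRELOAD` in configuration/configuration.py (PATCH 4/7) do not say that Django only emits these directives when `SECURE_HSTS_SECONDS` is non-zero, so an operator who sets either flag alone gets no HSTS header at all. I would add `# Has no effect unless SECURE_HSTS_SECONDS is set to a non-zero value.` to both comment blocks. The `SECURE_SSL_REDIRECT` comment should also mention that, when TLS is terminated by a reverse proxy in front of the container, `SECURE_PROXY_SSL_HEADER` has to be configured as well or requests are redirected in a loop; whether this file already exposes that setting is not visible in the hunk. Because a browser caches the HSTS policy for the full max-age, a caveat to start `SECURE_HSTS_SECONDS` with a small value before raising it would help too.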
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 19:44:05 +0000
Subject: [PATCH 5/7] Update github/super-linter action to v6
---
 .github/workflows/push.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 26828fa..893a650 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -28,7 +28,7 @@ jobs:
 with:
 python-version: '3.9'
 - name: Lint Code Base
- uses: github/super-linter@v5
+ uses: github/super-linter@v6
 env:
 DEFAULT_BRANCH: develop
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 8fb42b321324a5e379bff6ebdfb2caff58fbf149 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 26 Apr 2024 10:16:25 +0000
Subject: [PATCH 6/7] Update dependency sentry-sdk to v2
---
 requirements-container.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-container.txt b/requirements-container.txt
index 7e623ce..1029f51 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
@@ -3,4 +3,4 @@ django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.2
 dulwich==0.22.1
 psycopg[c,pool]==3.1.18
 python3-saml==1.16.0 --no-binary lxml
-sentry-sdk==1.45.0
+sentry-sdk==2.0.1
From f1787b47753d7d4f5d083dd0f1a26c310d62413d Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Sun, 28 Apr 2024 09:29:43 +0200
Subject: [PATCH 7/7] Disabled new tests
---
 .github/workflows/push.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 893a650..d7bf3b9 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -35,8 +35,10 @@ jobs:
 SUPPRESS_POSSUM: true
 LINTER_RULES_PATH: /
 VALIDATE_ALL_CODEBASE: false
+ VALIDATE_CHECKOV: false
 VALIDATE_DOCKERFILE: false
 VALIDATE_GITLEAKS: false
+ VALIDATE_JSCPD: false
 FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
 EDITORCONFIG_FILE_NAME: .ecrc
 DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
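Review bot: `VALIDATE_CHECKOV: false` in the super-linter `env` block turns off the Checkov infrastructure-as-code security scan without recording why, and the context line `VALIDATE_GITLEAKS: false` shows secret scanning is already off in the same job. The subject "Disabled new tests" suggests these checks arrived with the super-linter v6 bump and were silenced rather than triaged, though that is inferred from the patch order. I would put a comment above the new key such as `# Checkov disabled pending triage of its findings; re-enable once resolved (tracking: <ISSUE-PLACEHOLDER>)` so the gap is visible and temporary, and keep `VALIDATE_JSCPD: false` apart from it since copy-paste detection carries no security weight. The `env` block starts outside the hunk.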