Release: Merge back 2.52.0 into bugfix from: master-into-bugfix/2.52.0-2.53.0-dev#13606

Merged
rossops merged 7 commits into bugfix from master-into-bugfix/2.52.0-2.53.0-dev
Nov 3, 2025
Conversation

@github-actions github-actions bot commented Nov 3, 2025

Release triggered by rossops

dryrunsecurity bot commented Nov 3, 2025

DryRun Security

This pull request uses an unpinned GitHub Action (DefectDojo-Inc/notify-pr-reviewers-action@master) in .github/workflows/slack-pr-reminder.yml, which is a supply-chain risk because the referenced code can change without review; consider pinning to a specific commit or tag to mitigate.

Unpinned GitHub Action Version in .github/workflows/slack-pr-reminder.yml
Vulnerability: Unpinned GitHub Action Version
Description: The GitHub Action DefectDojo-Inc/notify-pr-reviewers-action is pinned to the @master branch. This is a security risk because the code at @master can change at any time, potentially introducing malicious code or breaking changes into the CI/CD pipeline without explicit review. This exposes the project to supply chain attacks.

    uses: DefectDojo-Inc/notify-pr-reviewers-action@master # Do not use a specific version to always get the latest updates
    with:
      owner: "DefectDojo"
      repository: "django-DefectDojo"


All finding details can be found in the DryRun Security Dashboard.
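A check for the finding above, as an added example that is not part of the bot's comment or the project's code: it scans workflow text for `uses:` references and reports any not pinned to a full 40-character commit SHA, since branch and tag refs can be moved after review. The sample workflow is constructed around the flagged step; `example-org/example-action` and its SHA are placeholders.

```python
import re

# A step or reusable-workflow reference: `uses: owner/repo[/path]@ref`
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify_ref(target):
    """Classify one `uses:` value as 'local', 'sha' (immutable) or 'unpinned'."""
    if target.startswith("./"):
        return "local"  # lives in this repo, versioned with the workflow itself
    if target.startswith("docker://"):
        return "sha" if "@sha256:" in target else "unpinned"  # digest vs. image tag
    _, sep, ref = target.partition("@")
    if sep and FULL_SHA_RE.fullmatch(ref):
        return "sha"
    return "unpinned"  # branch, tag, abbreviated SHA, or no ref at all

def find_unpinned(workflow_text):
    """Return (line number, reference) for every mutable `uses:` reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "unpinned":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample; only the last step comes from the finding above.
SAMPLE = """\
jobs:
  remind:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - name: Notify reviewers
        uses: DefectDojo-Inc/notify-pr-reviewers-action@master # Do not use a specific version to always get the latest updates
        with:
          owner: "DefectDojo"
          repository: "django-DefectDojo"
"""

if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```
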

@rossops rossops closed this Nov 3, 2025
@rossops rossops reopened this Nov 3, 2025
@github-actions github-actions bot added the helm label Nov 3, 2025
@rossops rossops merged commit fb49ecd into bugfix Nov 3, 2025
148 checks passed
@rossops rossops deleted the master-into-bugfix/2.52.0-2.53.0-dev branch November 3, 2025 19:41
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026
…x/2.52.0-2.53.0-dev

Release: Merge back 2.52.0 into bugfix from: master-into-bugfix/2.52.0-2.53.0-dev