`datatables.net*` package bumps
Description
We have quite a few datatables.net* package updates pending from Dependabot, and the tests were failing due to changes in file names used by these packages. I've updated all of the packages in one go and updated the file names, but there may still be styling issues based on the latest versions.
Existing PRs: #10148 #10147 #10146 #10001 #10000
I've also removed the drmonty-* packages that are very old forks of 2 datatables packages, and that appear to be unused.
Test results
There are some styling issues and at least 1 integration test failure. I'm trying to figure out the latter but can't successfully run integration tests locally for some reason.
Styling issues I've noticed so far:
Documentation
N/A
Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.
| DryRun Security | Status | Findings |
|---|---|---|
| Configured Codepaths Analyzer | :white_check_mark: | 0 findings |
| Sensitive Files Analyzer | :grey_exclamation: | 1 finding |
| AppSec Analyzer | :white_check_mark: | 0 findings |
| Authn/Authz Analyzer | :white_check_mark: | 0 findings |
| Secrets Analyzer | :white_check_mark: | 0 findings |
[!Note] :green_circle: Risk threshold not exceeded.
Change Summary
The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.
Summary:
The changes in this pull request primarily focus on updating the versions of several dependencies related to the DataTables JavaScript library, which is used for creating interactive tables in the DefectDojo application. The key changes include updating the versions of DataTables.net-related dependencies, such as `datatables.net`, `datatables.net-buttons-bs`, `datatables.net-buttons-dt`, and `datatables.net-colreorder`. Additionally, the `drmonty-datatables-plugins` and `drmonty-datatables-responsive` dependencies have been removed.

From an application security perspective, these changes do not immediately raise any major concerns. However, it's important to review the release notes and changelogs of the updated dependencies to ensure that there are no known security vulnerabilities or issues that need to be addressed. Additionally, it's a good practice to monitor the project's dependencies for any future updates and security advisories, and to keep the dependencies up-to-date to mitigate potential security risks.
Files Changed:
components/package.json: This file has been updated to reflect the changes in the project's dependencies, including the version updates for several DataTables.net-related dependencies and the removal of the `drmonty-datatables-plugins` and `drmonty-datatables-responsive` dependencies.
dojo/templates/base.html: This file has been updated to reflect the changes in the DataTables library version, with the `jquery.dataTables.min.js` file being updated to `dataTables.min.js` and the `jquery.dataTables.min.css` file being updated to `dataTables.dataTables.min.css`.
components/yarn.lock: This file has been updated to reflect the changes in the versions of the DataTables-related dependencies, including updates to the `datatables.net-bs`, `datatables.net-buttons-bs`, `datatables.net-buttons-dt`, `datatables.net-buttons`, `datatables.net-colreorder`, `datatables.net-dt`, and `datatables.net` dependencies.
Powered by DryRun Security
This pull request has conflicts, please resolve those before we can evaluate the pull request.