Bump drf-spectacular from 0.27.2 to 0.28.0 #11352

Merged: mtesauro merged 1 commit into dev from dependabot/pip/dev/drf-spectacular-0.28.0 on Dec 4, 2024

Conversation

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Dec 2, 2024

Bumps drf-spectacular from 0.27.2 to 0.28.0.

Release notes

Sourced from drf-spectacular's releases.

0.28.0

Important notes

  • Y-stream release due to the amount of small but important changes.
  • Pydantic users might see a slightly different schema due to the change in serialization method.

Full Changelog: tfranzel/drf-spectacular@0.27.2...0.28.0

Changelog

Sourced from drf-spectacular's changelog.

0.28.0 (2024-11-30)

  • Fix lazy_reverse bug in views ([#1339](https://github.com/tfranzel/drf-spectacular/issues/1339))
  • Extend query params explosion of non-DRF serializer [#1315](https://github.com/tfranzel/drf-spectacular/issues/1315)
  • consider pk_field on PrimaryKeyRelatedField when set [#1335](https://github.com/tfranzel/drf-spectacular/issues/1335)
  • fix unused OAuth2 scopes override [#1319](https://github.com/tfranzel/drf-spectacular/issues/1319)
  • bugfix @extend_schema_field raw schema already in OAS3.1
  • some minors (resolves [#1147](https://github.com/tfranzel/drf-spectacular/issues/1147))
  • fix OAS3.1 validator omission [#1302](https://github.com/tfranzel/drf-spectacular/issues/1302)
  • guard against broken dir impl [#1296](https://github.com/tfranzel/drf-spectacular/issues/1296)
  • Add Django 5.1 as classifier [jelmert]
  • No extra items in the oneOf list [Vladimir]
  • parametrize component registry identity [#1288](https://github.com/tfranzel/drf-spectacular/issues/1288)
  • make operation_id action position configurable [#1264](https://github.com/tfranzel/drf-spectacular/issues/1264)
  • Fix for incorrect issubclass() check. [Mike Moore]
  • Correct the documentation of how to import extension snippets [Alan Crosswell]
  • Update OpenAPI docs links [Nils Van Zuijlen]
  • mitigate false positive in Django Debug Toolbar [#1159](https://github.com/tfranzel/drf-spectacular/issues/1159)
  • Additional testcase [Marti Raudsepp]
  • Fix ChoiceField schema type with empty choices=[] [Marti Raudsepp]
  • handle examples with nested properties pagination [François Rejeté]
  • add choice field display method handling [#1228](https://github.com/tfranzel/drf-spectacular/issues/1228)
  • Add support for stateless user authentication in SimpleJWT ([#1221](https://github.com/tfranzel/drf-spectacular/issues/1221)) [Willem Meints]
  • fix: set pydantic json mode to serialization [Eric Butler]
  • fix: extend_schema_field with dict param and oas 3.1 [Eric Butler]

Breaking changes / important additions:

  • Y-stream release due to the amount of small but important changes.
  • Pydantic users might see a slightly different schema due to the change in serialization method.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Dec 2, 2024

dryrunsecurity bot commented Dec 2, 2024

DryRun Security Summary

The code change in this pull request updates the version of the drf-spectacular library from 0.27.2 to 0.28.0, which is used for generating OpenAPI documentation for Django REST Framework (DRF) applications, and it's important to review the release notes for the new version to ensure there are no breaking changes or security vulnerabilities.

Summary:

The code change in this pull request updates the version of the drf-spectacular library from 0.27.2 to 0.28.0. This library is used for generating OpenAPI documentation for Django REST Framework (DRF) applications. From an application security perspective, the version update is not particularly concerning, as version updates for libraries are generally a good practice, as they can include bug fixes, security patches, and feature improvements. However, it's always a good idea to review the release notes for the new version to ensure there are no breaking changes or security vulnerabilities that need to be addressed.

Additionally, the requirements.txt file contains a comprehensive list of all the dependencies used in the DefectDojo application. It's important to regularly review this file and ensure that all dependencies are up-to-date and secure. This can help mitigate the risk of introducing vulnerabilities into the application through outdated or insecure dependencies. Overall, the code change appears to be a routine library update, and there are no obvious security concerns. However, it's always a good practice to thoroughly review any code changes, especially those that involve dependencies and libraries, to ensure the ongoing security and stability of the application.

Files Changed:

  • requirements.txt: This file has been updated to change the version of the drf-spectacular library from 0.27.2 to 0.28.0. This library is used for generating OpenAPI documentation for Django REST Framework (DRF) applications.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

View PR in the DryRun Dashboard.


@mtesauro mtesauro left a comment

Approved

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.27.2 to 0.28.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](tfranzel/drf-spectacular@0.27.2...0.28.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/dev/drf-spectacular-0.28.0 branch from b8d6d65 to dd0dfe8 Compare December 3, 2024 15:27
@mtesauro mtesauro merged commit ea283b0 into dev Dec 4, 2024
74 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dev/drf-spectacular-0.28.0 branch December 4, 2024 19:22