Bump asteval from 1.0.5 to 1.0.6 (#11633)
* Bump vite from 6.0.7 to 6.0.9 in /docs (#11610)

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.7 to 6.0.9.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.9/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Pro Release Notes 2.42.2 (#11611)

* update changelog 2.42.2

* add additional 2.42.1 features

---------

Co-authored-by: Paul Osinski <[email protected]>

* Update .dryrunsecurity.yaml (#11617)

* Readme docs - followup PR (#11525)

* follow on to readme update

* remove broken /pricing link

* chg local_settings refs ldap-authentication.md

---------

Co-authored-by: Paul Osinski <[email protected]>

* Bump asteval from 1.0.5 to 1.0.6

Bumps [asteval](https://github.com/lmfit/asteval) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/lmfit/asteval/releases)
- [Commits](lmfit/asteval@1.0.5...1.0.6)

---
updated-dependencies:
- dependency-name: asteval
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>
4 people authored Jan 24, 2025
1 parent 0e5cbe3 commit 85e0e46
Showing 8 changed files with 29 additions and 19 deletions.
1 change: 1 addition & 0 deletions .dryrunsecurity.yaml
Expand Up @@ -67,6 +67,7 @@ allowedAuthors:
- dsever
- dogboat
- hblankenship
- valentijnscholten
notificationList:
- '@mtesauro'
- '@grendel513'
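Review bot: The `valentijnscholten` addition to `allowedAuthors` has no stated rationale: the only explanation in the commit message is "Update .dryrunsecurity.yaml (#11617)", and the change sits inside a commit titled as an asteval bump. Suggest saying in the message why the author is being added, and landing changes to this policy file separately from dependency bumps so they are easy to find in history.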
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -113,7 +113,7 @@ of DefectDojo as we begin work on v3. Please see our [contributing guidelines](r
information. Check out our latest update on v3 [here](https://github.com/DefectDojo/django-DefectDojo/discussions/8974).

## Pro Edition
[Upgrade to DefectDojo Pro](https://www.defectdojo.com/pricing) today to take your DevSecOps to 11. DefectDojo Pro is
[Upgrade to DefectDojo Pro](https://www.defectdojo.com/) today to take your DevSecOps to 11. DefectDojo Pro is
designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional
smart features, tunable deduplication, and support from DevSecOps experts.

12 changes: 12 additions & 0 deletions docs/content/en/changelog/changelog.md
Expand Up @@ -7,6 +7,14 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release

For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](../../open_source/upgrading/upgrading_guide).

## Jan 21, 2025: v2.42.2

- **(Classic UI)** Corrected link to Smart Upload form.
- **(CLI Tools)** Fixed issue with .exe extensions not getting added to Windows binaries
- **(Findings)** `Mitigated` filter now uses datetime instead of date for filtering.
- **(OAuth)** Clarified Azure AD labels to better align with Azure's language. Default value for Azure Resource is now set. <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
- **(RBAC)** Request Review now applies RBAC properly with regard to User Groups.

## Jan 13, 2025: v2.42.1

- **(API)** Pro users can now specify the fields they want to return in a given API payload. For example, this request will only return the title, severity and description fields for each Finding. <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
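Review bot: The `(RBAC)` entry under v2.42.2 says Request Review "now applies RBAC properly with regard to User Groups" but not what was wrong before, so an operator cannot tell whether access was too broad or too narrow in earlier versions. Suggest adding one clause on the previous behaviour and which versions had it. Minor style point: the `(CLI Tools)` line is the only entry in this block without a closing period.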
Expand All @@ -15,6 +23,10 @@ curl -X 'GET' \
'https://localhost/api/v2/findings/?response_fields=title,severity,description' \
-H 'accept: application/json'
```
- **(Findings)** Excel and CSV exports now include tags.
- **(Reports)** Reports now exclude unenforced SLAs from Executive Summary to avoid confusion.
- **(Risk Acceptance)** Simple Risk Acceptances now have a 'paper trail' created - when they are added or removed, a note will be added to the Finding to log the action.
- **(Tools)** ImageTags are now included with AWS SecurityHub and AWS inspector parsers.

## Jan 6, 2025: v2.42.0

9 changes: 3 additions & 6 deletions docs/content/en/open_source/api-v2-docs.md
Expand Up @@ -5,13 +5,10 @@ draft: false
weight: 2
---




DefectDojo\'s API is created using [Django Rest
Framework](http://www.django-rest-framework.org/). The documentation of
each endpoint is available within each DefectDojo installation at
[`/api/v2/doc/`](https://demo.defectdojo.org/api/v2/) and can be accessed by choosing the API v2
[`/api/v2/oa3/swagger-ui`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/)) and can be accessed by choosing the API v2
Docs link on the user drop down menu in the header.

![image](../../images/api_v2_1.png)
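Review bot: The new link line ends in `swagger-ui/))`, one closing parenthesis more than the Markdown link needs, so a stray `)` will render in front of "and can be accessed". Drop the extra parenthesis.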
Expand Down Expand Up @@ -45,7 +42,7 @@ For example: :

### Alternative authentication method

If you use [an alternative authentication method](../social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \
If you use [an alternative authentication method](../archived_docs/integrations/social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \
Using of DefectDojo API tokens can be disabled by specifying the environment variable `DD_API_TOKENS_ENABLED` to `False`.
Or only `api/v2/api-token-auth/` endpoint can be disabled by setting `DD_API_TOKEN_AUTH_ENDPOINT_ENABLED` to `False`.

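Review bot: The replacement link target sits under `../archived_docs/integrations/`, so the paragraph that tells readers when to set `DD_API_TOKENS_ENABLED` to `False` now relies on a page filed as archived. Confirm that page is still the maintained reference for alternative authentication methods, since this paragraph is the guidance that keeps API tokens from bypassing them.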
Expand Down Expand Up @@ -128,7 +125,7 @@ The json object result is: :
{{< /highlight >}}

See [Django Rest Framework\'s documentation on interacting with an
API](http://www.django-rest-framework.org/topics/api-clients/) for
API](https://www.django-rest-framework.org/) for
additional examples and tips.

## Manually calling the API
12 changes: 6 additions & 6 deletions docs/content/en/open_source/ldap-authentication.md
Expand Up @@ -17,7 +17,7 @@ We will need to modify a grand total of 4-5 files, depending on how you want to
- Dockerfile.django-*
- Dockerfile.nginx-*
- requirements.txt
- settings.dist.py
- local_settings.py
- docker-compose.yml *(Optional)*


Expand All @@ -36,8 +36,8 @@ ldap-utils \

Please check for the latest version of these requirements at the time of implementation on pypi.org and use those if you can.

- [https://pypi.org/project/python-ldap/](python-ldap)
- [https://pypi.org/project/django-auth-ldap/](django-auth-ldap)
- [python-ldap](https://pypi.org/project/python-ldap/)
- [django-auth-ldap](https://pypi.org/project/django-auth-ldap/)

Otherwise add the following to requirements.txt:

Expand All @@ -47,9 +47,9 @@ django-auth-ldap==4.1.0
```


#### settings.dist.py
#### local_settings.py

Find the settings file (hint: `/dojo/settings/settings.dist.py`) and add the following:
Find the settings file (hint: check in `/dojo/settings/settings.py` for instructions for how to use `/dojo/settings/local_settings.py`, if the file does not already exist) and add the following:

At the top of the file:
```python
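Review bot: The rewritten hint under `#### local_settings.py` is hard to follow: the trailing "if the file does not already exist" is separated from the file it refers to, and the reader is sent to `settings.py` without being told what to do there. Suggest splitting it, for example "Create `/dojo/settings/local_settings.py` if it does not already exist (see `/dojo/settings/settings.py` for how to use it), then add the following:".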
Expand Down Expand Up @@ -116,7 +116,7 @@ Read the docs for Django Authentication with LDAP here: https://django-auth-ldap

#### docker-compose.yml

In order to pass the variables to the settings.dist.py file via docker, it's a good idea to add these to the docker compose file.
In order to pass the variables to the local_settings.py file via docker, it's a good idea to add these to the docker compose file.

You can do this by adding the following variables to the environment section for the uwsgi image:
```yaml
8 changes: 4 additions & 4 deletions docs/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion docs/package.json
Expand Up @@ -21,7 +21,7 @@
},
"devDependencies": {
"prettier": "^3.3.3",
"vite": "^6.0.0"
"vite": "^6.0.9"
},
"engines": {
"node": ">=20.11.0"
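Review bot: The lockfile side of the `vite` change cannot be checked from this view: `package.json` now asks for `^6.0.9`, but the `docs/package-lock.json` diff (4 additions, 4 deletions) is not rendered. Confirm the lockfile resolves `vite` to 6.0.9 with a matching integrity value before relying on this bump.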
2 changes: 1 addition & 1 deletion requirements.txt
@@ -1,5 +1,5 @@
# requirements.txt for DefectDojo using Python 3.x
asteval==1.0.5
asteval==1.0.6
bleach==6.2.0
bleach[css]
celery==5.4.0
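Review bot: The `asteval==1.0.6` pin is marked `direct:production` in the commit message, yet the message only links the release notes and does not say what the release changes. Suggest recording in the commit or PR description whether 1.0.6 carries a security fix, so operators still pinned to 1.0.5 can judge how urgently to upgrade.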
