Upgrade Django to version 3.2.23 (#2507)

* upgrade django update patch to 3.2.23 * upload Trivy results to security tab on pull request * do not exit when trivy scan fails * revert to only run Trivy Slack summary on push
onaio · Nov 16, 2023 · 9b356a1 · 9b356a1
1 parent 0853379
commit 9b356a1
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 12 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -46,8 +46,7 @@ jobs:
           pip install -r requirements/azure.pip
 
       - name: Install linting tools
-        run:
-          pip install prospector==1.7.7 pylint==2.14.5
+        run: pip install prospector==1.7.7 pylint==2.14.5
 
       - name: Run Prospector
         run: prospector -X -s veryhigh onadata
@@ -200,9 +199,8 @@ jobs:
           image-ref: onaio/onadata:${{ github.head_ref || github.base_ref || env.version }}
           format: sarif
           ignore-unfixed: true
-          severity: 'CRITICAL,HIGH'
-          exit-code: '1'
-          output: 'trivy_results.sarif'
+          severity: "CRITICAL,HIGH"
+          output: "trivy_results.sarif"
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
@@ -211,13 +209,13 @@ jobs:
           image-ref: onaio/onadata:${{ github.head_ref || github.base_ref || env.version }}
           format: sarif
           ignore-unfixed: true
-          output: 'trivy_results.sarif'
+          output: "trivy_results.sarif"
 
       - name: Upload vulnerability scan results
         uses: github/codeql-action/upload-sarif@v2
-        if: github.event_name == 'push'
+        if: github.event_name == 'push' || github.event_name == 'pull_request'
         with:
-          sarif_file: 'trivy_results.sarif'
+          sarif_file: "trivy_results.sarif"
 
       - name: Run Trivy vulnerability for Slack summary
         uses: aquasecurity/trivy-action@master
@@ -226,7 +224,7 @@ jobs:
           image-ref: onaio/onadata:${{ github.head_ref || github.base_ref || env.version }}
           format: json
           ignore-unfixed: true
-          output: 'trivy_results.json'
+          output: "trivy_results.json"
 
       - name: Create summary of trivy issues
         if: github.event_name == 'push'

diff --git a/requirements/base.pip b/requirements/base.pip
@@ -99,7 +99,7 @@ deprecated==1.2.14
     #   onadata
 dict2xml==1.7.3
     # via onadata
-django==3.2.20
+django==3.2.23
     # via
     #   django-activity-stream
     #   django-cors-headers

diff --git a/requirements/dev.pip b/requirements/dev.pip
@@ -110,7 +110,7 @@ dict2xml==1.7.3
     # via onadata
 dill==0.3.7
     # via pylint
-django==3.2.20
+django==3.2.23
     # via
     #   django-activity-stream
     #   django-cors-headers

diff --git a/setup.cfg b/setup.cfg
@@ -27,7 +27,7 @@ tests_require =
     mock
     requests-mock
 install_requires =
-    Django>=3.2.20,<4
+    Django>=3.2.23,<4
     django-guardian
     django-registration-redux
     django-templated-email