Merge branch 'main' into risk

CHANGELOG.rst

@@ -1,11 +1,15 @@
 Release notes
 =============
 
-
 Version (next)
 -------------------
 
+
+Version v34.0.2
+-------------------
+
 - Add management command to commit exported vulnerability data (#1600)
+- Fix API 500 error (#1603)
 
 
 Version v34.0.1

requirements.txt

@@ -21,12 +21,13 @@ click==8.1.2
 coreapi==2.3.3
 coreschema==0.0.4
 cryptography==43.0.1
+crispy-bootstrap4==2024.1
 cwe2==3.0.0
 dateparser==1.1.1
 decorator==5.1.1
 defusedxml==0.7.1
 distro==1.7.0
-Django==4.2.15
+Django==4.2.16
 django-crispy-forms==2.3
 django-environ==0.11.2
 django-filter==24.3
@@ -35,10 +36,10 @@ djangorestframework==3.15.2
 doc8==0.11.1
 docopt==0.6.2
 docutils==0.17.1
-drf-spectacular==0.27.2
-drf-spectacular-sidecar==2024.7.1 
+drf-spectacular==0.24.2
+drf-spectacular-sidecar==2022.10.1
 executing==0.8.3
-fetchcode==0.3.0
+fetchcode==0.6.0
 freezegun==1.2.1
 frozenlist==1.3.0
 gitdb==4.0.9

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = vulnerablecode
-version = 34.0.1
+version = 34.0.2
 license = Apache-2.0 AND CC-BY-SA-4.0
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -62,11 +62,12 @@ install_requires =
     django-filter>=24.0
     django-widget-tweaks>=1.5.0
     django-crispy-forms>=2.3
+    crispy-bootstrap4>=2024.1
     django-environ>=0.11.0
     gunicorn>=23.0.0
 
     # for the API doc
-    drf-spectacular[sidecar]>=0.27.2
+    drf-spectacular[sidecar]>=0.24.2
 
     #essentials
     packageurl-python>=0.15
@@ -89,7 +90,7 @@ install_requires =
     # networking
     GitPython>=3.1.17
     requests>=2.25.1
-    fetchcode>=0.3.0
+    fetchcode>=0.6.0
 
     #pipeline
     aboutcode.pipeline>=0.1.0

vulnerabilities/api.py

@@ -685,14 +685,10 @@ def filter_alias(self, queryset, name, value):
         return self.queryset.filter(aliases__alias__icontains=alias)
 
 
-class AliasViewSet(viewsets.ReadOnlyModelViewSet):
+class AliasViewSet(VulnerabilityViewSet):
     """
     Lookup for vulnerabilities by vulnerability aliases such as a CVE
     (https://nvd.nist.gov/general/cve-process).
     """
 
-    queryset = Vulnerability.objects.all()
-    serializer_class = VulnerabilitySerializer
-    filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = AliasFilterSet
-    throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]

vulnerabilities/improvers/valid_versions.py

@@ -433,6 +433,7 @@ class GitHubBasicImprover(ValidVersionImprover):
             "3.0.0b3-",
             "3.0b6dev-r41684",
             "-class.-jw.util.version.Version-",
+            "vulnerabilities",
         ]
     )
 

vulnerabilities/migrations/0070_alter_advisory_created_by_and_more.py

@@ -0,0 +1,39 @@
+# Generated by Django 4.2.15 on 2024-10-07 12:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0069_exploit_delete_kev"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="advisory",
+            name="created_by",
+            field=models.CharField(
+                help_text="Fully qualified name of the importer prefixed with themodule name importing the advisory. Eg:vulnerabilities.pipeline.nginx_importer.NginxImporterPipeline",
+                max_length=100,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="packagechangelog",
+            name="software_version",
+            field=models.CharField(
+                default="34.0.2",
+                help_text="Version of the software at the time of change",
+                max_length=100,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="vulnerabilitychangelog",
+            name="software_version",
+            field=models.CharField(
+                default="34.0.2",
+                help_text="Version of the software at the time of change",
+                max_length=100,
+            ),
+        ),
+    ]

vulnerabilities/tests/pipelines/test_github_importer_pipeline.py

@@ -303,6 +303,13 @@ def test_get_package_versions(mock_response):
 
     improver = GitHubBasicImprover()
     valid_versions = [
+        "1.0.1",
+        "1.0.2",
+        "1.0.3",
+        "1.0.4",
+        "1.1",
+        "1.1.1",
+        "1.1.2",
         "1.1.3",
         "1.1.4",
         "1.10",
@@ -317,7 +324,9 @@ def test_get_package_versions(mock_response):
         "1.10a1",
         "1.10b1",
         "1.10rc1",
+        "vulnerabilities",
     ]
+
     result = sorted(
         improver.get_package_versions(package_url=PackageURL(type="pypi", name="django"))
     )

vulnerabilities/tests/pipelines/test_nginx_importer_pipeline.py

@@ -195,7 +195,7 @@ def interesting_advisories(self) -> QuerySet:
         )
         assert interesting_advisories == advisories
 
-    @mock.patch("fetchcode.package_versions.github_response")
+    @mock.patch("fetchcode.utils.github_response")
     def test_NginxBasicImprover_fetch_nginx_version_from_git_tags(self, mock_fetcher):
         reponse_files = [
             "github-nginx-nginx-0.json",

vulnerablecode/__init__.py

@@ -12,7 +12,7 @@
 import warnings
 from pathlib import Path
 
-__version__ = "34.0.1"
+__version__ = "34.0.2"
 
 
 def command_line():

vulnerablecode/settings.py

@@ -78,6 +78,7 @@
     "rest_framework.authtoken",
     "widget_tweaks",
     "crispy_forms",
+    "crispy_bootstrap4",
     # for API doc
     "drf_spectacular",
     # required for Django collectstatic discovery
@@ -196,6 +197,7 @@
     str(PROJECT_DIR / "static"),
 ]
 
+CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap4"
 
 CRISPY_TEMPLATE_PACK = "bootstrap4"
 

vulntotal/datasources/github.py

@@ -11,7 +11,7 @@
 from typing import Iterable
 
 from dotenv import load_dotenv
-from fetchcode.package_versions import github_response
+from fetchcode.utils import github_response
 from packageurl import PackageURL
 
 from vulntotal.validator import DataSource