Bump boto3 from 1.35.93 to 1.35.96

[dependabot]

Bumps boto3 from 1.35.93 to 1.35.96.

Commits

• 72c953c Merge branch 'release-1.35.96'
• 15f3198 Bumping version to 1.35.96
• 84ce3c0 Add changelog entries from botocore
• 72e84a2 Merge branch 'release-1.35.95'
• 0855227 Merge branch 'release-1.35.95' into develop
• b9361b6 Bumping version to 1.35.95
• d535b80 Add changelog entries from botocore
• 478904d Merge branch 'release-1.35.94'
• 155f63d Merge branch 'release-1.35.94' into develop
• 3886abb Bumping version to 1.35.94
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
boto3	[< 1.25, > 1.24.55]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The code change updates the boto3 library in the requirements.txt file from version 1.35.93 to 1.35.96, highlighting the importance of maintaining up-to-date and secure dependencies in the DefectDojo application.

Expand for full summary

Summary:

The provided code change is an update to the requirements.txt file, which lists the Python dependencies required for the DefectDojo application. The specific change is an update to the boto3 library from version 1.35.93 to 1.35.96. While this update is not particularly noteworthy from a security perspective, it's essential to review the entire requirements.txt file to ensure that all dependencies are up-to-date and secure.

Some key security considerations include verifying that all dependencies are using the latest stable versions to address any known security vulnerabilities, removing any unused dependencies that could introduce unnecessary attack surface, and ensuring that the dependencies are from trusted sources and do not contain any known security issues or vulnerabilities. Additionally, it's recommended to use a dependency management tool, such as pip-audit or snyk, to regularly scan the dependencies and identify any potential security risks.

Files Changed:

• requirements.txt: The changes in this file update the boto3 library from version 1.35.93 to 1.35.96. While this is a routine update, it's important to review the entire requirements.txt file to ensure that all dependencies are up-to-date and secure, and that any unused dependencies are removed to minimize the application's attack surface.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.

[mtesauro]

Approved