Show the changelog, MR description and Dockerfile changes when updating addons
What does this MR do?
The last time I updated the ZAP addons I spent a lot of time working out the correct URLs and what effects each upgrade had.
This MR aims to make that easier by outputting three sections. The changes required in the Dockerfile
, the changes to add to the CHANGELOG.md
and a list of addons updated with their changes that can be used in the update merge request.
To test the script locally run:
docker build -t dast . && ./scripts/identify-addon-updates.sh
The output will look something like:
Updates required
Add or replace these addons in the Docker file:
rm -f spiderAjax-* && wget https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.2.0/spiderAjax-release-23.2.0.zap && \
rm -f webdriverlinux-* && wget https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v22/webdriverlinux-release-22.zap && \
rm -f webdrivermacos-* && wget https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v21/webdrivermacos-release-21.zap && \
rm -f webdriverwindows-* && wget https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v22/webdriverwindows-release-22.zap && \
CHANGE LOG ENTRY:
- Upgrade ZAP add-on `Ajax Spider` to [23.2.0](https://github.com/zaproxy/zap-extensions/releases/spiderAjax-v23.2.0) (!__MR_ID__)
- Upgrade ZAP add-on `Linux WebDrivers` to [22.0.0](https://github.com/zaproxy/zap-extensions/releases/webdriverlinux-v22) (!__MR_ID__)
- Upgrade ZAP add-on `MacOS WebDrivers` to [21.0.0](https://github.com/zaproxy/zap-extensions/releases/webdrivermacos-v21) (!__MR_ID__)
- Upgrade ZAP add-on `Windows WebDrivers` to [22.0.0](https://github.com/zaproxy/zap-extensions/releases/webdriverwindows-v22) (!__MR_ID__)
MR Description:
### Upgrade ZAP add-on `Ajax Spider` to [23.2.0](https://github.com/zaproxy/zap-extensions/releases/spiderAjax-v23.2.0)
#### Added
* Allow to specify allowed resources (Issue 3236). The allowed resources are always fetchedeven if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties.By default it allows files with extension `` .js `` and `` .css ``.
#### Changed
* Update minimum ZAP version to 2.9.0.
* Maintenance changes.
#### Fixed
* Unregister the event publisher when the add-on is uninstalled.
* Persist the state of "Remove Without Confirmation" of non-default elements to click.
### Upgrade ZAP add-on `Linux WebDrivers` to [22.0.0](https://github.com/zaproxy/zap-extensions/releases/webdriverlinux-v22)
#### Changed
* Update geckodriver to 0.28.0.
### Upgrade ZAP add-on `MacOS WebDrivers` to [21.0.0](https://github.com/zaproxy/zap-extensions/releases/webdrivermacos-v21)
#### Changed
* Update geckodriver to 0.28.0.
### Upgrade ZAP add-on `Windows WebDrivers` to [22.0.0](https://github.com/zaproxy/zap-extensions/releases/webdriverwindows-v22)
#### Changed
* Update geckodriver to 0.28.0.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Craig Smith