chore(deps-dev): Bump bandit from 1.7.5 to 1.7.6

[dependabot[bot]]

Bumps bandit from 1.7.5 to 1.7.6.

Release notes

Sourced from bandit's releases.

1.7.6

What's Changed

• Update bug report to include version 1.7.5 by @​ericwb in PyCQA/bandit#993
• Render Python 3.10 in drop down correctly by @​ericwb in PyCQA/bandit#997
• Remove checks for Python2 urllib by @​ericwb in PyCQA/bandit#999
• Improper detection of non-requests module by @​ericwb in PyCQA/bandit#1011
• xmlrpclib replaced with xmlrpc in Python3 by @​ericwb in PyCQA/bandit#1012
• language and linting updates by @​marksmayo in PyCQA/bandit#1015
• Adds check for crypt module usage as weak hash by @​ericwb in PyCQA/bandit#1018
• Switch to tox 4 by @​mportesdev in PyCQA/bandit#1020
• Skip unnecessary pip install commands in the pythonpackage.yml workflow by @​mportesdev in PyCQA/bandit#1021
• Update versions of used GitHub Actions by @​mportesdev in PyCQA/bandit#1024
• Update pre-commit hooks by @​mportesdev in PyCQA/bandit#1026
• Add random.Random to B311 checks by @​shiftinv in PyCQA/bandit#940
• Add a copy button to all code snippets in docs by @​ericwb in PyCQA/bandit#1030
• Replace pbr in favor of importlib by @​ericwb in PyCQA/bandit#1016
• Switch from open collective to PSF by @​ericwb in PyCQA/bandit#1031
• Make pre-commit run Bandit hook using a single process by @​Klavionik in PyCQA/bandit#1029
• Remove support for Python 3.7 due to end-of-life by @​ericwb in PyCQA/bandit#1034
• Update asserts.py documentation by @​deronnax in PyCQA/bandit#1036
• Simplify wrap_file_object by @​mportesdev in PyCQA/bandit#1037
• django_rawsql_used: support keyword arguments used in RawSQL by @​kevinmarsh in PyCQA/bandit#765
• Avoid gitpyhon CVE-2022-24439 by @​carlosduelo in PyCQA/bandit#1048
• Update blacklist call documentation by @​costaparas in PyCQA/bandit#1045
• Support ignoring blacklists by name by @​costaparas in PyCQA/bandit#1046
• Fix dependabot to update github actions by @​ericwb in PyCQA/bandit#1057
• Bump actions/checkout from 3 to 4 by @​dependabot in PyCQA/bandit#1058
• Fix for ReadtheDocs build by @​ericwb in PyCQA/bandit#1061
• fix(plugins/B507): also detect class instances by @​mkniewallner in PyCQA/bandit#1064
• Use mirror repository for black pre-commit hook by @​mportesdev in PyCQA/bandit#1070
• Add official support of Python 3.12 by @​ericwb in PyCQA/bandit#1068
• Fix crash on pyproject.toml without bandit config by @​javajawa in PyCQA/bandit#1073
• refactor: remove importlib-metadata fallback by @​mkniewallner in PyCQA/bandit#1066
• Fixes for sphinx build by @​ericwb in PyCQA/bandit#1063

New Contributors

• @​marksmayo made their first contribution in PyCQA/bandit#1015
• @​shiftinv made their first contribution in PyCQA/bandit#940
• @​Klavionik made their first contribution in PyCQA/bandit#1029
• @​deronnax made their first contribution in PyCQA/bandit#1036
• @​kevinmarsh made their first contribution in PyCQA/bandit#765
• @​carlosduelo made their first contribution in PyCQA/bandit#1048
• @​costaparas made their first contribution in PyCQA/bandit#1045
• @​dependabot made their first contribution in PyCQA/bandit#1058
• @​javajawa made their first contribution in PyCQA/bandit#1073

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

Commits

• f3a18ab Fixes for sphinx build (#1063)
• 4dea02e refactor: remove importlib-metadata fallback (#1066)
• 0d35086 Fix crash on pyproject.toml without bandit config (#1073)
• 6b2e247 Add official support of Python 3.12 (#1068)
• 9a2884e Use mirror repository for black pre-commit hook (#1070)
• 6969489 fix(plugins/B507): also detect class instances (#1064)
• 02faada Fix for ReadtheDocs build (#1061)
• f016e50 Bump actions/checkout from 3 to 4 (#1058)
• 0f49be7 Fix dependabot to update github actions (#1057)
• 6d1d11c Support ignoring blacklists by name (#1046)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

poetry.lock

• bandit@1.7.6
• bandit@1.7.5

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (310d1ad) 18.39% compared to head (d0daf15) 18.39%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #160 +/- ## ======================================= Coverage 18.39% 18.39% ======================================= Files 6 6 Lines 212 212 ======================================= Hits 39 39 Misses 173 173 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.