Changelog
### 1.7.7
```
What's Changed
* Add the new release to bandit versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1075
* Bump actions/setup-python from 4 to 5 by dependabot in https://github.com/PyCQA/bandit/pull/1076
* Handle variant in how policy is passed in paramiko by ericwb in https://github.com/PyCQA/bandit/pull/1078
* Flag str.replace as possible sql injection by costaparas in https://github.com/PyCQA/bandit/pull/1044
* defusedxml: Show correct module name by kajinamit in https://github.com/PyCQA/bandit/pull/1081
* Add tidelift to the sponsor funding list by ericwb in https://github.com/PyCQA/bandit/pull/1089
* Create a security policy by ericwb in https://github.com/PyCQA/bandit/pull/1091
* Fix up issues found running Bandit on itself by ericwb in https://github.com/PyCQA/bandit/pull/1093
* Add random.randbytes to blacklist calls by ericwb in https://github.com/PyCQA/bandit/pull/1096
* Prepend ./ for files specified as CLI args by ericwb in https://github.com/PyCQA/bandit/pull/1094
* Rework GitPython dependency to be an extra for bandit-baseline by ericwb in https://github.com/PyCQA/bandit/pull/1099
* Bump actions/dependency-review-action from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1101
* Introduce Official Bandit Images by lukehinds in https://github.com/PyCQA/bandit/pull/1088
* Remove markdown formatting in reStructuredText formatted README by ericwb in https://github.com/PyCQA/bandit/pull/1103
* Downsize the org:repo name by lukehinds in https://github.com/PyCQA/bandit/pull/1104
New Contributors
* kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7
```
### 1.7.6
```
What's Changed
* Update bug report to include version 1.7.5 by ericwb in https://github.com/PyCQA/bandit/pull/993
* Render Python 3.10 in drop down correctly by ericwb in https://github.com/PyCQA/bandit/pull/997
* Remove checks for Python2 urllib by ericwb in https://github.com/PyCQA/bandit/pull/999
* Improper detection of non-requests module by ericwb in https://github.com/PyCQA/bandit/pull/1011
* xmlrpclib replaced with xmlrpc in Python3 by ericwb in https://github.com/PyCQA/bandit/pull/1012
* language and linting updates by marksmayo in https://github.com/PyCQA/bandit/pull/1015
* Adds check for crypt module usage as weak hash by ericwb in https://github.com/PyCQA/bandit/pull/1018
* Switch to tox 4 by mportesdev in https://github.com/PyCQA/bandit/pull/1020
* Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by mportesdev in https://github.com/PyCQA/bandit/pull/1021
* Update versions of used GitHub Actions by mportesdev in https://github.com/PyCQA/bandit/pull/1024
* Update pre-commit hooks by mportesdev in https://github.com/PyCQA/bandit/pull/1026
* Add `random.Random` to B311 checks by shiftinv in https://github.com/PyCQA/bandit/pull/940
* Add a copy button to all code snippets in docs by ericwb in https://github.com/PyCQA/bandit/pull/1030
* Replace pbr in favor of importlib by ericwb in https://github.com/PyCQA/bandit/pull/1016
* Switch from open collective to PSF by ericwb in https://github.com/PyCQA/bandit/pull/1031
* Make pre-commit run Bandit hook using a single process by Klavionik in https://github.com/PyCQA/bandit/pull/1029
* Remove support for Python 3.7 due to end-of-life by ericwb in https://github.com/PyCQA/bandit/pull/1034
* Update asserts.py documentation by deronnax in https://github.com/PyCQA/bandit/pull/1036
* Simplify `wrap_file_object` by mportesdev in https://github.com/PyCQA/bandit/pull/1037
* django_rawsql_used: support keyword arguments used in `RawSQL` by kevinmarsh in https://github.com/PyCQA/bandit/pull/765
* Avoid gitpython CVE-2022-24439 by carlosduelo in https://github.com/PyCQA/bandit/pull/1048
* Update blacklist call documentation by costaparas in https://github.com/PyCQA/bandit/pull/1045
* Support ignoring blacklists by name by costaparas in https://github.com/PyCQA/bandit/pull/1046
* Fix dependabot to update github actions by ericwb in https://github.com/PyCQA/bandit/pull/1057
* Bump actions/checkout from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1058
* Fix for ReadtheDocs build by ericwb in https://github.com/PyCQA/bandit/pull/1061
* fix(plugins/B507): also detect class instances by mkniewallner in https://github.com/PyCQA/bandit/pull/1064
* Use mirror repository for black pre-commit hook by mportesdev in https://github.com/PyCQA/bandit/pull/1070
* Add official support of Python 3.12 by ericwb in https://github.com/PyCQA/bandit/pull/1068
* Fix crash on pyproject.toml without bandit config by javajawa in https://github.com/PyCQA/bandit/pull/1073
* refactor: remove `importlib-metadata` fallback by mkniewallner in https://github.com/PyCQA/bandit/pull/1066
* Fixes for sphinx build by ericwb in https://github.com/PyCQA/bandit/pull/1063
New Contributors
* marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
* shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
* Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
* deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
* kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
* carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
* costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
* dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
* javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6
```
### 1.7.5
```
What's Changed
* Add an example screen shot of Bandit to README by ericwb in https://github.com/PyCQA/bandit/pull/847
* Bad link to screen shot by ericwb in https://github.com/PyCQA/bandit/pull/848
* Use a constant for weak hashes by ericwb in https://github.com/PyCQA/bandit/pull/850
* Group location line with code output by ericwb in https://github.com/PyCQA/bandit/pull/822
* Fix line range using Python 3.8 end_lineno by ericwb in https://github.com/PyCQA/bandit/pull/821
* Add classifier to indicate Py3 only by ericwb in https://github.com/PyCQA/bandit/pull/853
* Removal of blacklist call B309 httpsconnection by ericwb in https://github.com/PyCQA/bandit/pull/858
* Remove blacklist call check for os.tempnam by ericwb in https://github.com/PyCQA/bandit/pull/859
* Indicate hash type in message by ericwb in https://github.com/PyCQA/bandit/pull/860
* Add the httpx module check for verify by ericwb in https://github.com/PyCQA/bandit/pull/861
* Add doc for hashlib plugin by ericwb in https://github.com/PyCQA/bandit/pull/862
* Make use of rich for progress bar by ericwb in https://github.com/PyCQA/bandit/pull/863
* Replace `toml` with `tomli` by mkniewallner in https://github.com/PyCQA/bandit/pull/829
* Fix up B109 and B111 removed plugins docs by ericwb in https://github.com/PyCQA/bandit/pull/864
* add check for "requests" calls without timeout by mschfh in https://github.com/PyCQA/bandit/pull/743
* Fix for build breaks in format job by ericwb in https://github.com/PyCQA/bandit/pull/869
* Add license and contributing links to docs by ericwb in https://github.com/PyCQA/bandit/pull/867
* Remove redundant word Bandit in titles of sections by ericwb in https://github.com/PyCQA/bandit/pull/873
* Add request for feedback via 👍 by ericwb in https://github.com/PyCQA/bandit/pull/871
* Add a Discord link to the docs by ericwb in https://github.com/PyCQA/bandit/pull/870
* Adding logging.config.listen() plugin with examples by raj3shp in https://github.com/PyCQA/bandit/pull/874
* Removal of ghugo by ericwb in https://github.com/PyCQA/bandit/pull/881
* Remove redundant pip line by ericwb in https://github.com/PyCQA/bandit/pull/884
* Corrected documentation on configuration by a-takahashi223 in https://github.com/PyCQA/bandit/pull/868
* Start testing against Python 3.11 by mkniewallner in https://github.com/PyCQA/bandit/pull/887
* Add myself to sponsor list by ericwb in https://github.com/PyCQA/bandit/pull/885
* Add Discord link to README by ericwb in https://github.com/PyCQA/bandit/pull/875
* Update action versions in Actions workflows (890) by mportesdev in https://github.com/PyCQA/bandit/pull/893
* Add dependency review action by ericwb in https://github.com/PyCQA/bandit/pull/891
* Fix an unclosed <b> tag in HTML formatter by mportesdev in https://github.com/PyCQA/bandit/pull/896
* 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by rajaramsrn in https://github.com/PyCQA/bandit/pull/897
* Make small fixes in docs by mportesdev in https://github.com/PyCQA/bandit/pull/899
* Specify semver range for Python 3.11 by mportesdev in https://github.com/PyCQA/bandit/pull/901
* Add another bad example of yaml load by ericwb in https://github.com/PyCQA/bandit/pull/905
* Add releases link in "Version control integration" by travisjungroth in https://github.com/PyCQA/bandit/pull/909
* Update version of dependency-review-action by mportesdev in https://github.com/PyCQA/bandit/pull/911
* Avoid redundant message if debug on by ericwb in https://github.com/PyCQA/bandit/pull/913
* Remove invalid checking on hashlib by ericwb in https://github.com/PyCQA/bandit/pull/914
* Add some missing curve types by ericwb in https://github.com/PyCQA/bandit/pull/920
* add jsonpickle deserialization blacklist by SugarP1g in https://github.com/PyCQA/bandit/pull/707
* Fix reading the number argument from config file by KAUTH in https://github.com/PyCQA/bandit/pull/923
* Add end_col_offset if available by ericwb in https://github.com/PyCQA/bandit/pull/851
* Enhancement Proposal: Plugin "assert_used" config-skip snippet by marianomartinelli in https://github.com/PyCQA/bandit/pull/695
* Blacklist pandas read_pickle and add functional test for it by jaspersival in https://github.com/PyCQA/bandit/pull/710
* Docs for request without timeout has dead link by ericwb in https://github.com/PyCQA/bandit/pull/925
* Add case for global exec by tonybaloney in https://github.com/PyCQA/bandit/pull/570
* Fix a false positive condition yaml_load by ericwb in https://github.com/PyCQA/bandit/pull/927
* Fix issue 453 jinja2 template select_autoescape when using jinja2.select_autoescape by kinow in https://github.com/PyCQA/bandit/pull/454
* Adding tarfile.extractall() plugin with examples by yilmi in https://github.com/PyCQA/bandit/pull/549
* Check for deprecated TLS 1.1 by ericwb in https://github.com/PyCQA/bandit/pull/928
* weak_cryptographic_key assumes positional arg by ericwb in https://github.com/PyCQA/bandit/pull/930
* Fix filename of B202 in docs by mportesdev in https://github.com/PyCQA/bandit/pull/932
* Remove python 2 reference in docs by ericwb in https://github.com/PyCQA/bandit/pull/933
* Pass correct number of arguments to match the `%s` placeholders. by mportesdev in https://github.com/PyCQA/bandit/pull/934
* Fixup some invalid pickle testing by ericwb in https://github.com/PyCQA/bandit/pull/924
* Fix json and yaml formatters to respect num lines by ericwb in https://github.com/PyCQA/bandit/pull/929
* Fix AttributeError on detect of tuple assign condition by ericwb in https://github.com/PyCQA/bandit/pull/931
* [docs] Mention `exclude_dirs` option available in TOML and YAML by bittner in https://github.com/PyCQA/bandit/pull/876
* Typo fix by PermanAtayev in https://github.com/PyCQA/bandit/pull/945
* remove py2 exec example in docs by clavedeluna in https://github.com/PyCQA/bandit/pull/947
* Add official Python 3.11 support by ericwb in https://github.com/PyCQA/bandit/pull/964
* DOC: Add explanation on how to use pre-commit with config file by phofl in https://github.com/PyCQA/bandit/pull/968
* Fix breaking build due to new tox by ericwb in https://github.com/PyCQA/bandit/pull/983
* Correct build status badge in README by gliptak in https://github.com/PyCQA/bandit/pull/980
* Improve detecting SQL injections in f-strings by kfrydel in https://github.com/PyCQA/bandit/pull/917
* Improve handling nosec for multi-line strings by kfrydel in https://github.com/PyCQA/bandit/pull/915
* Check for github action updates monthly by jlosito in https://github.com/PyCQA/bandit/pull/989
* Added a bit more `project_urls` by KOLANICH in https://github.com/PyCQA/bandit/pull/985
New Contributors
* mschfh made their first contribution in https://github.com/PyCQA/bandit/pull/743
* raj3shp made their first contribution in https://github.com/PyCQA/bandit/pull/874
* a-takahashi223 made their first contribution in https://github.com/PyCQA/bandit/pull/868
* mportesdev made their first contribution in https://github.com/PyCQA/bandit/pull/893
* rajaramsrn made their first contribution in https://github.com/PyCQA/bandit/pull/897
* travisjungroth made their first contribution in https://github.com/PyCQA/bandit/pull/909
* SugarP1g made their first contribution in https://github.com/PyCQA/bandit/pull/707
* KAUTH made their first contribution in https://github.com/PyCQA/bandit/pull/923
* marianomartinelli made their first contribution in https://github.com/PyCQA/bandit/pull/695
* jaspersival made their first contribution in https://github.com/PyCQA/bandit/pull/710
* kinow made their first contribution in https://github.com/PyCQA/bandit/pull/454
* yilmi made their first contribution in https://github.com/PyCQA/bandit/pull/549
* PermanAtayev made their first contribution in https://github.com/PyCQA/bandit/pull/945
* clavedeluna made their first contribution in https://github.com/PyCQA/bandit/pull/947
* phofl made their first contribution in https://github.com/PyCQA/bandit/pull/968
* gliptak made their first contribution in https://github.com/PyCQA/bandit/pull/980
* kfrydel made their first contribution in https://github.com/PyCQA/bandit/pull/917
* jlosito made their first contribution in https://github.com/PyCQA/bandit/pull/989
* KOLANICH made their first contribution in https://github.com/PyCQA/bandit/pull/985
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5
```
Links
- PyPI: https://pypi.org/project/bandit
- Changelog: https://data.safetycli.com/changelogs/bandit/
- Docs: https://bandit.readthedocs.io/
Update bandit from 1.7.4 to 1.7.7.