renovate[bot]
commented
2 months ago Renovate Ignore Notification
Because you closed this PR without merging, Renovate will ignore this update (==1.7.8). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
==1.7.4->==1.7.8Release Notes
PyCQA/bandit (bandit)
### [`v1.7.8`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.8) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.7...1.7.8) #### What's Changed - Incorrect tag naming in readme by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://togithub.com/PyCQA/bandit/pull/1105) - Utilize PyPI's trusted publishing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://togithub.com/PyCQA/bandit/pull/1107) - Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://togithub.com/PyCQA/bandit/pull/1109) - Add 1.7.7 to versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://togithub.com/PyCQA/bandit/pull/1110) - Use datetime to avoid updating copyright year by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://togithub.com/PyCQA/bandit/pull/1112) - filter data is safe for tarfile extractall by [@etienneschalk](https://togithub.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111) - Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://togithub.com/PyCQA/bandit/pull/1115) - \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://togithub.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116) - Add a SARIF output formatter by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://togithub.com/PyCQA/bandit/pull/1113) #### New Contributors - [@etienneschalk](https://togithub.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111) - [@shihai1991](https://togithub.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8 ### [`v1.7.7`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.7) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.6...1.7.7) #### What's Changed - Add the new release to bandit versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://togithub.com/PyCQA/bandit/pull/1075) - Bump actions/setup-python from 4 to 5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://togithub.com/PyCQA/bandit/pull/1076) - Handle variant in how policy is passed in paramiko by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://togithub.com/PyCQA/bandit/pull/1078) - Flag str.replace as possible sql injection by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://togithub.com/PyCQA/bandit/pull/1044) - defusedxml: Show correct module name by [@kajinamit](https://togithub.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://togithub.com/PyCQA/bandit/pull/1081) - Add tidelift to the sponsor funding list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://togithub.com/PyCQA/bandit/pull/1089) - Create a security policy by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://togithub.com/PyCQA/bandit/pull/1091) - Fix up issues found running Bandit on itself by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://togithub.com/PyCQA/bandit/pull/1093) - Add random.randbytes to blacklist calls by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://togithub.com/PyCQA/bandit/pull/1096) - Prepend ./ for files specified as CLI args by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://togithub.com/PyCQA/bandit/pull/1094) - Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://togithub.com/PyCQA/bandit/pull/1099) - Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://togithub.com/PyCQA/bandit/pull/1101) - Introduce Official Bandit Images by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://togithub.com/PyCQA/bandit/pull/1088) - Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://togithub.com/PyCQA/bandit/pull/1103) - Downsize the org:repo name by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://togithub.com/PyCQA/bandit/pull/1104) #### New Contributors - [@kajinamit](https://togithub.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://togithub.com/PyCQA/bandit/pull/1081) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7 ### [`v1.7.6`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.6) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.5...1.7.6) #### What's Changed - Update bug report to include version 1.7.5 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://togithub.com/PyCQA/bandit/pull/993) - Render Python 3.10 in drop down correctly by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://togithub.com/PyCQA/bandit/pull/997) - Remove checks for Python2 urllib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://togithub.com/PyCQA/bandit/pull/999) - Improper detection of non-requests module by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://togithub.com/PyCQA/bandit/pull/1011) - xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://togithub.com/PyCQA/bandit/pull/1012) - language and linting updates by [@marksmayo](https://togithub.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015) - Adds check for crypt module usage as weak hash by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://togithub.com/PyCQA/bandit/pull/1018) - Switch to tox 4 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://togithub.com/PyCQA/bandit/pull/1020) - Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://togithub.com/PyCQA/bandit/pull/1021) - Update versions of used GitHub Actions by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://togithub.com/PyCQA/bandit/pull/1024) - Update pre-commit hooks by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://togithub.com/PyCQA/bandit/pull/1026) - Add `random.Random` to B311 checks by [@shiftinv](https://togithub.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940) - Add a copy button to all code snippets in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://togithub.com/PyCQA/bandit/pull/1030) - Replace pbr in favor of importlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://togithub.com/PyCQA/bandit/pull/1016) - Switch from open collective to PSF by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://togithub.com/PyCQA/bandit/pull/1031) - Make pre-commit run Bandit hook using a single process by [@Klavionik](https://togithub.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029) - Remove support for Python 3.7 due to end-of-life by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://togithub.com/PyCQA/bandit/pull/1034) - Update asserts.py documentation by [@deronnax](https://togithub.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036) - Simplify `wrap_file_object` by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://togithub.com/PyCQA/bandit/pull/1037) - django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://togithub.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765) - Avoid gitpyhon CVE-2022-24439 by [@carlosduelo](https://togithub.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048) - Update blacklist call documentation by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045) - Support ignoring blacklists by name by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://togithub.com/PyCQA/bandit/pull/1046) - Fix dependabot to update github actions by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://togithub.com/PyCQA/bandit/pull/1057) - Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058) - Fix for ReadtheDocs build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://togithub.com/PyCQA/bandit/pull/1061) - fix(plugins/B507): also detect class instances by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://togithub.com/PyCQA/bandit/pull/1064) - Use mirror repository for black pre-commit hook by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://togithub.com/PyCQA/bandit/pull/1070) - Add official support of Python 3.12 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://togithub.com/PyCQA/bandit/pull/1068) - Fix crash on pyproject.toml without bandit config by [@javajawa](https://togithub.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073) - refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://togithub.com/PyCQA/bandit/pull/1066) - Fixes for sphinx build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://togithub.com/PyCQA/bandit/pull/1063) #### New Contributors - [@marksmayo](https://togithub.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015) - [@shiftinv](https://togithub.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940) - [@Klavionik](https://togithub.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029) - [@deronnax](https://togithub.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036) - [@kevinmarsh](https://togithub.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765) - [@carlosduelo](https://togithub.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048) - [@costaparas](https://togithub.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045) - [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058) - [@javajawa](https://togithub.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6 ### [`v1.7.5`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.5) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.4...1.7.5) #### What's Changed - Add an example screen shot of Bandit to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/847](https://togithub.com/PyCQA/bandit/pull/847) - Bad link to screen shot by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/848](https://togithub.com/PyCQA/bandit/pull/848) - Use a constant for weak hashes by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/850](https://togithub.com/PyCQA/bandit/pull/850) - Group location line with code output by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/822](https://togithub.com/PyCQA/bandit/pull/822) - Fix line range using Python 3.8 end_lineno by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/821](https://togithub.com/PyCQA/bandit/pull/821) - Add classifier to indicate Py3 only by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/853](https://togithub.com/PyCQA/bandit/pull/853) - Removal of blacklist call B309 httpsconnection by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/858](https://togithub.com/PyCQA/bandit/pull/858) - Remove blacklist call check for os.tempnam by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/859](https://togithub.com/PyCQA/bandit/pull/859) - Indiciate hash type in message by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/860](https://togithub.com/PyCQA/bandit/pull/860) - Add the httpx module check for verify by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/861](https://togithub.com/PyCQA/bandit/pull/861) - Add doc for hashlib plugin by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/862](https://togithub.com/PyCQA/bandit/pull/862) - Make use of rich for progress bar by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/863](https://togithub.com/PyCQA/bandit/pull/863) - Replace `toml` with `tomli` by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/829](https://togithub.com/PyCQA/bandit/pull/829) - Fix up B109 and B111 removed plugins docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/864](https://togithub.com/PyCQA/bandit/pull/864) - add check for "requests" calls without timeout by [@mschfh](https://togithub.com/mschfh) in [https://github.com/PyCQA/bandit/pull/743](https://togithub.com/PyCQA/bandit/pull/743) - Fix for build breaks in format job by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/869](https://togithub.com/PyCQA/bandit/pull/869) - Add license and contributing links to docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/867](https://togithub.com/PyCQA/bandit/pull/867) - Remove redundant word Bandit in titles of sections by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/873](https://togithub.com/PyCQA/bandit/pull/873) - Add request for feedback via 👍 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/871](https://togithub.com/PyCQA/bandit/pull/871) - Add a Discord link to the docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/870](https://togithub.com/PyCQA/bandit/pull/870) - Adding logging.config.listen() plugin with examples by [@raj3shp](https://togithub.com/raj3shp) in [https://github.com/PyCQA/bandit/pull/874](https://togithub.com/PyCQA/bandit/pull/874) - Removal of ghugo by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/881](https://togithub.com/PyCQA/bandit/pull/881) - Remove redundant pip line by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/884](https://togithub.com/PyCQA/bandit/pull/884) - Corrected documentation on configuration by [@a-takahashi223](https://togithub.com/a-takahashi223) in [https://github.com/PyCQA/bandit/pull/868](https://togithub.com/PyCQA/bandit/pull/868) - Start testing against Python 3.11 by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/887](https://togithub.com/PyCQA/bandit/pull/887) - Add myself to sponsor list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/885](https://togithub.com/PyCQA/bandit/pull/885) - Add Discord link to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/875](https://togithub.com/PyCQA/bandit/pull/875) - Update action versions in Actions workflows ([#890](https://togithub.com/PyCQA/bandit/issues/890)) by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/893](https://togithub.com/PyCQA/bandit/pull/893) - Add dependency review action by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/891](https://togithub.com/PyCQA/bandit/pull/891) - Fix an unclosed tag in HTML formatter by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/896](https://togithub.com/PyCQA/bandit/pull/896) - 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by [@rajaramsrn](https://togithub.com/rajaramsrn) in [https://github.com/PyCQA/bandit/pull/897](https://togithub.com/PyCQA/bandit/pull/897) - Make small fixes in docs by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/899](https://togithub.com/PyCQA/bandit/pull/899) - Specify semver range for Python 3.11 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/901](https://togithub.com/PyCQA/bandit/pull/901) - Add another bad example of yaml load by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/905](https://togithub.com/PyCQA/bandit/pull/905) - Add releases link in "Version control integration" by [@travisjungroth](https://togithub.com/travisjungroth) in [https://github.com/PyCQA/bandit/pull/909](https://togithub.com/PyCQA/bandit/pull/909) - Update version of dependency-review-action by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/911](https://togithub.com/PyCQA/bandit/pull/911) - Avoid redundant message if debug on by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/913](https://togithub.com/PyCQA/bandit/pull/913) - Remove invalid checking on hashlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/914](https://togithub.com/PyCQA/bandit/pull/914) - Add some missing curve types by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/920](https://togithub.com/PyCQA/bandit/pull/920) - add jsonpickle deserialization blacklist by [@SugarP1g](https://togithub.com/SugarP1g) in [https://github.com/PyCQA/bandit/pull/707](https://togithub.com/PyCQA/bandit/pull/707) - Fix reading the number argument from config file by [@KAUTH](https://togithub.com/KAUTH) in [https://github.com/PyCQA/bandit/pull/923](https://togithub.com/PyCQA/bandit/pull/923) - Add end_col_offset if available by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/851](https://togithub.com/PyCQA/bandit/pull/851) - Enhancement Proposal: Plugin "assert_used" config-skip snippet by [@marianomartinelli](https://togithub.com/marianomartinelli) in [https://github.com/PyCQA/bandit/pull/695](https://togithub.com/PyCQA/bandit/pull/695) - Blacklist pandas read_pickle and add functional test for it by [@jaspersival](https://togithub.com/jaspersival) in [https://github.com/PyCQA/bandit/pull/710](https://togithub.com/PyCQA/bandit/pull/710) - Docs for request without timeout has dead link by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/925](https://togithub.com/PyCQA/bandit/pull/925) - Add case for global exec by [@tonybaloney](https://togithub.com/tonybaloney) in [https://github.com/PyCQA/bandit/pull/570](https://togithub.com/PyCQA/bandit/pull/570) - Fix a false positive condition yaml_load by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/927](https://togithub.com/PyCQA/bandit/pull/927) - Fix issue [#453](https://togithub.com/PyCQA/bandit/issues/453) jinja2 template select_autoescape when using jinja2.select_autoescape by [@kinow](https://togithub.com/kinow) in [https://github.com/PyCQA/bandit/pull/454](https://togithub.com/PyCQA/bandit/pull/454) - Adding tarfile.extractall() plugin with examples by [@yilmi](https://togithub.com/yilmi) in [https://github.com/PyCQA/bandit/pull/549](https://togithub.com/PyCQA/bandit/pull/549) - Check for deprecated TLS 1.1 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/928](https://togithub.com/PyCQA/bandit/pull/928) - weak_cryptographic_key assumes positional arg by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/930](https://togithub.com/PyCQA/bandit/pull/930) - Fix filename of B202 in docs by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/932](https://togithub.com/PyCQA/bandit/pull/932) - Remove python 2 reference in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/933](https://togithub.com/PyCQA/bandit/pull/933) - Pass correct number of arguments to match the `%s` placeholders. by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/934](https://togithub.com/PyCQA/bandit/pull/934) - Fixup some invalid pickle testing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/924](https://togithub.com/PyCQA/bandit/pull/924) - Fix json and yaml formatters to respect num lines by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/929](https://togithub.com/PyCQA/bandit/pull/929) - Fix AttributeError on detect of tuple assign condition by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/931](https://togithub.com/PyCQA/bandit/pull/931) - \[docs] Mention `exclude_dirs` option available in TOML and YAML by [@bittner](https://togithub.com/bittner) in [https://github.com/PyCQA/bandit/pull/876](https://togithub.com/PyCQA/bandit/pull/876) - Typo fix by [@PermanAtayev](https://togithub.com/PermanAtayev) in [https://github.com/PyCQA/bandit/pull/945](https://togithub.com/PyCQA/bandit/pull/945) - remove py2 exec example in docs by [@clavedeluna](https://togithub.com/clavedeluna) in [https://github.com/PyCQA/bandit/pull/947](https://togithub.com/PyCQA/bandit/pull/947) - Add official Python 3.11 support by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/964](https://togithub.com/PyCQA/bandit/pull/964) - DOC: Add explanation on how to use pre-commit with config file by [@phofl](https://togithub.com/phofl) in [https://github.com/PyCQA/bandit/pull/968](https://togithub.com/PyCQA/bandit/pull/968) - Fix breaking build due to new tox by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/983](https://togithub.com/PyCQA/bandit/pull/983) - Correct build status badge in README by [@gliptak](https://togithub.com/gliptak) in [https://github.com/PyCQA/bandit/pull/980](https://togithub.com/PyCQA/bandit/pull/980) - Improve detecting SQL injections in f-strings by [@kfrydel](https://togithub.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/917](https://togithub.com/PyCQA/bandit/pull/917) - Improve handling nosec for multi-line strings by [@kfrydel](https://togithub.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/915](https://togithub.com/PyCQA/bandit/pull/915) - Check for github action updates monthly by [@jlosito](https://togithub.com/jlosito) in [https://github.com/PyCQA/bandit/pull/989](https://togithub.com/PyCQA/bandit/pull/989) - Added a bit more `project_urls` by [@KOLANICH](https://togithub.com/KOLANICH) in [https://github.com/PyCQA/bandit/pull/985](https://togithub.com/PyCQA/bandit/pull/985) #### New Contributors - [@mschfh](https://togithub.com/mschfh) made their first contribution in [https://github.com/PyCQA/bandit/pull/743](https://togithub.com/PyCQA/bandit/pull/743) - [@raj3shp](https://togithub.com/raj3shp) made their first contribution in [https://github.com/PyCQA/bandit/pull/874](https://togithub.com/PyCQA/bandit/pull/874) - [@a-takahashi223](https://togithub.com/a-takahashi223) made their first contribution in [https://github.com/PyCQA/bandit/pull/868](https://togithub.com/PyCQA/bandit/pull/868) - [@mportesdev](https://togithub.com/mportesdev) made their first contribution in [https://github.com/PyCQA/bandit/pull/893](https://togithub.com/PyCQA/bandit/pull/893) - [@rajaramsrn](https://togithub.com/rajaramsrn) made their first contribution in [https://github.com/PyCQA/bandit/pull/897](https://togithub.com/PyCQA/bandit/pull/897) - [@travisjungroth](https://togithub.com/travisjungroth) made their first contribution in [https://github.com/PyCQA/bandit/pull/909](https://togithub.com/PyCQA/bandit/pull/909) - [@SugarP1g](https://togithub.com/SugarP1g) made their first contribution in [https://github.com/PyCQA/bandit/pull/707](https://togithub.com/PyCQA/bandit/pull/707) - [@KAUTH](https://togithub.com/KAUTH) made their first contribution in [https://github.com/PyCQA/bandit/pull/923](https://togithub.com/PyCQA/bandit/pull/923) - [@marianomartinelli](https://togithub.com/marianomartinelli) made their first contribution in [https://github.com/PyCQA/bandit/pull/695](https://togithub.com/PyCQA/bandit/pull/695) - [@jaspersival](https://togithub.com/jaspersival) made their first contribution in [https://github.com/PyCQA/bandit/pull/710](https://togithub.com/PyCQA/bandit/pull/710) - [@kinow](https://togithub.com/kinow) made their first contribution in [https://github.com/PyCQA/bandit/pull/454](https://togithub.com/PyCQA/bandit/pull/454) - [@yilmi](https://togithub.com/yilmi) made their first contribution in [https://github.com/PyCQA/bandit/pull/549](https://togithub.com/PyCQA/bandit/pull/549) - [@PermanAtayev](https://togithub.com/PermanAtayev) made their first contribution in [https://github.com/PyCQA/bandit/pull/945](https://togithub.com/PyCQA/bandit/pull/945) - [@clavedeluna](https://togithub.com/clavedeluna) made their first contribution in [https://github.com/PyCQA/bandit/pull/947](https://togithub.com/PyCQA/bandit/pull/947) - [@phofl](https://togithub.com/phofl) made their first contribution in [https://github.com/PyCQA/bandit/pull/968](https://togithub.com/PyCQA/bandit/pull/968) - [@gliptak](https://togithub.com/gliptak) made their first contribution in [https://github.com/PyCQA/bandit/pull/980](https://togithub.com/PyCQA/bandit/pull/980) - [@kfrydel](https://togithub.com/kfrydel) made their first contribution in [https://github.com/PyCQA/bandit/pull/917](https://togithub.com/PyCQA/bandit/pull/917) - [@jlosito](https://togithub.com/jlosito) made their first contribution in [https://github.com/PyCQA/bandit/pull/989](https://togithub.com/PyCQA/bandit/pull/989) - [@KOLANICH](https://togithub.com/KOLANICH) made their first contribution in [https://github.com/PyCQA/bandit/pull/985](https://togithub.com/PyCQA/bandit/pull/985) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5Configuration
📅 Schedule: Branch creation - "every month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.