Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there; instead, create a Discussion in the Renovate repository if you have any questions.
### Release Notes
PyCQA/bandit
### [`v1.7.5`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.5)
[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.4...1.7.5)
##### What's Changed
- Add an example screen shot of Bandit to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/847](https://togithub.com/PyCQA/bandit/pull/847)
- Bad link to screen shot by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/848](https://togithub.com/PyCQA/bandit/pull/848)
- Use a constant for weak hashes by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/850](https://togithub.com/PyCQA/bandit/pull/850)
- Group location line with code output by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/822](https://togithub.com/PyCQA/bandit/pull/822)
- Fix line range using Python 3.8 end_lineno by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/821](https://togithub.com/PyCQA/bandit/pull/821)
- Add classifier to indicate Py3 only by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/853](https://togithub.com/PyCQA/bandit/pull/853)
- Removal of blacklist call B309 httpsconnection by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/858](https://togithub.com/PyCQA/bandit/pull/858)
- Remove blacklist call check for os.tempnam by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/859](https://togithub.com/PyCQA/bandit/pull/859)
- Indiciate hash type in message by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/860](https://togithub.com/PyCQA/bandit/pull/860)
- Add the httpx module check for verify by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/861](https://togithub.com/PyCQA/bandit/pull/861)
- Add doc for hashlib plugin by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/862](https://togithub.com/PyCQA/bandit/pull/862)
- Make use of rich for progress bar by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/863](https://togithub.com/PyCQA/bandit/pull/863)
- Replace `toml` with `tomli` by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/829](https://togithub.com/PyCQA/bandit/pull/829)
- Fix up B109 and B111 removed plugins docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/864](https://togithub.com/PyCQA/bandit/pull/864)
- add check for "requests" calls without timeout by [@mschfh](https://togithub.com/mschfh) in [https://github.com/PyCQA/bandit/pull/743](https://togithub.com/PyCQA/bandit/pull/743)
- Fix for build breaks in format job by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/869](https://togithub.com/PyCQA/bandit/pull/869)
- Add license and contributing links to docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/867](https://togithub.com/PyCQA/bandit/pull/867)
- Remove redundant word Bandit in titles of sections by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/873](https://togithub.com/PyCQA/bandit/pull/873)
- Add request for feedback via 👍 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/871](https://togithub.com/PyCQA/bandit/pull/871)
- Add a Discord link to the docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/870](https://togithub.com/PyCQA/bandit/pull/870)
- Adding logging.config.listen() plugin with examples by [@raj3shp](https://togithub.com/raj3shp) in [https://github.com/PyCQA/bandit/pull/874](https://togithub.com/PyCQA/bandit/pull/874)
- Removal of ghugo by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/881](https://togithub.com/PyCQA/bandit/pull/881)
- Remove redundant pip line by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/884](https://togithub.com/PyCQA/bandit/pull/884)
- Corrected documentation on configuration by [@a-takahashi223](https://togithub.com/a-takahashi223) in [https://github.com/PyCQA/bandit/pull/868](https://togithub.com/PyCQA/bandit/pull/868)
- Start testing against Python 3.11 by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/887](https://togithub.com/PyCQA/bandit/pull/887)
- Add myself to sponsor list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/885](https://togithub.com/PyCQA/bandit/pull/885)
- Add Discord link to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/875](https://togithub.com/PyCQA/bandit/pull/875)
- Update action versions in Actions workflows ([#890](https://togithub.com/PyCQA/bandit/issues/890)) by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/893](https://togithub.com/PyCQA/bandit/pull/893)
- Add dependency review action by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/891](https://togithub.com/PyCQA/bandit/pull/891)
- Fix an unclosed tag in HTML formatter by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/896](https://togithub.com/PyCQA/bandit/pull/896)
- 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by [@rajaramsrn](https://togithub.com/rajaramsrn) in [https://github.com/PyCQA/bandit/pull/897](https://togithub.com/PyCQA/bandit/pull/897)
- Make small fixes in docs by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/899](https://togithub.com/PyCQA/bandit/pull/899)
- Specify semver range for Python 3.11 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/901](https://togithub.com/PyCQA/bandit/pull/901)
- Add another bad example of yaml load by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/905](https://togithub.com/PyCQA/bandit/pull/905)
- Add releases link in "Version control integration" by [@travisjungroth](https://togithub.com/travisjungroth) in [https://github.com/PyCQA/bandit/pull/909](https://togithub.com/PyCQA/bandit/pull/909)
- Update version of dependency-review-action by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/911](https://togithub.com/PyCQA/bandit/pull/911)
- Avoid redundant message if debug on by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/913](https://togithub.com/PyCQA/bandit/pull/913)
- Remove invalid checking on hashlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/914](https://togithub.com/PyCQA/bandit/pull/914)
- Add some missing curve types by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/920](https://togithub.com/PyCQA/bandit/pull/920)
- add jsonpickle deserialization blacklist by [@SugarP1g](https://togithub.com/SugarP1g) in [https://github.com/PyCQA/bandit/pull/707](https://togithub.com/PyCQA/bandit/pull/707)
- Fix reading the number argument from config file by [@KAUTH](https://togithub.com/KAUTH) in [https://github.com/PyCQA/bandit/pull/923](https://togithub.com/PyCQA/bandit/pull/923)
- Add end_col_offset if available by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/851](https://togithub.com/PyCQA/bandit/pull/851)
- Enhancement Proposal: Plugin "assert_used" config-skip snippet by [@marianomartinelli](https://togithub.com/marianomartinelli) in [https://github.com/PyCQA/bandit/pull/695](https://togithub.com/PyCQA/bandit/pull/695)
- Blacklist pandas read_pickle and add functional test for it by [@jaspersival](https://togithub.com/jaspersival) in [https://github.com/PyCQA/bandit/pull/710](https://togithub.com/PyCQA/bandit/pull/710)
- Docs for request without timeout has dead link by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/925](https://togithub.com/PyCQA/bandit/pull/925)
- Add case for global exec by [@tonybaloney](https://togithub.com/tonybaloney) in [https://github.com/PyCQA/bandit/pull/570](https://togithub.com/PyCQA/bandit/pull/570)
- Fix a false positive condition yaml_load by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/927](https://togithub.com/PyCQA/bandit/pull/927)
- Fix issue [#453](https://togithub.com/PyCQA/bandit/issues/453) jinja2 template select_autoescape when using jinja2.select_autoescape by [@kinow](https://togithub.com/kinow) in [https://github.com/PyCQA/bandit/pull/454](https://togithub.com/PyCQA/bandit/pull/454)
- Adding tarfile.extractall() plugin with examples by [@yilmi](https://togithub.com/yilmi) in [https://github.com/PyCQA/bandit/pull/549](https://togithub.com/PyCQA/bandit/pull/549)
- Check for deprecated TLS 1.1 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/928](https://togithub.com/PyCQA/bandit/pull/928)
- weak_cryptographic_key assumes positional arg by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/930](https://togithub.com/PyCQA/bandit/pull/930)
- Fix filename of B202 in docs by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/932](https://togithub.com/PyCQA/bandit/pull/932)
- Remove python 2 reference in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/933](https://togithub.com/PyCQA/bandit/pull/933)
- Pass correct number of arguments to match the `%s` placeholders. by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/934](https://togithub.com/PyCQA/bandit/pull/934)
- Fixup some invalid pickle testing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/924](https://togithub.com/PyCQA/bandit/pull/924)
- Fix json and yaml formatters to respect num lines by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/929](https://togithub.com/PyCQA/bandit/pull/929)
- Fix AttributeError on detect of tuple assign condition by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/931](https://togithub.com/PyCQA/bandit/pull/931)
- \[docs] Mention `exclude_dirs` option available in TOML and YAML by [@bittner](https://togithub.com/bittner) in [https://github.com/PyCQA/bandit/pull/876](https://togithub.com/PyCQA/bandit/pull/876)
- Typo fix by [@PermanAtayev](https://togithub.com/PermanAtayev) in [https://github.com/PyCQA/bandit/pull/945](https://togithub.com/PyCQA/bandit/pull/945)
- remove py2 exec example in docs by [@clavedeluna](https://togithub.com/clavedeluna) in [https://github.com/PyCQA/bandit/pull/947](https://togithub.com/PyCQA/bandit/pull/947)
- Add official Python 3.11 support by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/964](https://togithub.com/PyCQA/bandit/pull/964)
- DOC: Add explanation on how to use pre-commit with config file by [@phofl](https://togithub.com/phofl) in [https://github.com/PyCQA/bandit/pull/968](https://togithub.com/PyCQA/bandit/pull/968)
- Fix breaking build due to new tox by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/983](https://togithub.com/PyCQA/bandit/pull/983)
- Correct build status badge in README by [@gliptak](https://togithub.com/gliptak) in [https://github.com/PyCQA/bandit/pull/980](https://togithub.com/PyCQA/bandit/pull/980)
- Improve detecting SQL injections in f-strings by [@kfrydel](https://togithub.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/917](https://togithub.com/PyCQA/bandit/pull/917)
- Improve handling nosec for multi-line strings by [@kfrydel](https://togithub.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/915](https://togithub.com/PyCQA/bandit/pull/915)
- Check for github action updates monthly by [@jlosito](https://togithub.com/jlosito) in [https://github.com/PyCQA/bandit/pull/989](https://togithub.com/PyCQA/bandit/pull/989)
- Added a bit more `project_urls` by [@KOLANICH](https://togithub.com/KOLANICH) in [https://github.com/PyCQA/bandit/pull/985](https://togithub.com/PyCQA/bandit/pull/985)
##### New Contributors
- [@mschfh](https://togithub.com/mschfh) made their first contribution in [https://github.com/PyCQA/bandit/pull/743](https://togithub.com/PyCQA/bandit/pull/743)
- [@raj3shp](https://togithub.com/raj3shp) made their first contribution in [https://github.com/PyCQA/bandit/pull/874](https://togithub.com/PyCQA/bandit/pull/874)
- [@a-takahashi223](https://togithub.com/a-takahashi223) made their first contribution in [https://github.com/PyCQA/bandit/pull/868](https://togithub.com/PyCQA/bandit/pull/868)
- [@mportesdev](https://togithub.com/mportesdev) made their first contribution in [https://github.com/PyCQA/bandit/pull/893](https://togithub.com/PyCQA/bandit/pull/893)
- [@rajaramsrn](https://togithub.com/rajaramsrn) made their first contribution in [https://github.com/PyCQA/bandit/pull/897](https://togithub.com/PyCQA/bandit/pull/897)
- [@travisjungroth](https://togithub.com/travisjungroth) made their first contribution in [https://github.com/PyCQA/bandit/pull/909](https://togithub.com/PyCQA/bandit/pull/909)
- [@SugarP1g](https://togithub.com/SugarP1g) made their first contribution in [https://github.com/PyCQA/bandit/pull/707](https://togithub.com/PyCQA/bandit/pull/707)
- [@KAUTH](https://togithub.com/KAUTH) made their first contribution in [https://github.com/PyCQA/bandit/pull/923](https://togithub.com/PyCQA/bandit/pull/923)
- [@marianomartinelli](https://togithub.com/marianomartinelli) made their first contribution in [https://github.com/PyCQA/bandit/pull/695](https://togithub.com/PyCQA/bandit/pull/695)
- [@jaspersival](https://togithub.com/jaspersival) made their first contribution in [https://github.com/PyCQA/bandit/pull/710](https://togithub.com/PyCQA/bandit/pull/710)
- [@kinow](https://togithub.com/kinow) made their first contribution in [https://github.com/PyCQA/bandit/pull/454](https://togithub.com/PyCQA/bandit/pull/454)
- [@yilmi](https://togithub.com/yilmi) made their first contribution in [https://github.com/PyCQA/bandit/pull/549](https://togithub.com/PyCQA/bandit/pull/549)
- [@PermanAtayev](https://togithub.com/PermanAtayev) made their first contribution in [https://github.com/PyCQA/bandit/pull/945](https://togithub.com/PyCQA/bandit/pull/945)
- [@clavedeluna](https://togithub.com/clavedeluna) made their first contribution in [https://github.com/PyCQA/bandit/pull/947](https://togithub.com/PyCQA/bandit/pull/947)
- [@phofl](https://togithub.com/phofl) made their first contribution in [https://github.com/PyCQA/bandit/pull/968](https://togithub.com/PyCQA/bandit/pull/968)
- [@gliptak](https://togithub.com/gliptak) made their first contribution in [https://github.com/PyCQA/bandit/pull/980](https://togithub.com/PyCQA/bandit/pull/980)
- [@kfrydel](https://togithub.com/kfrydel) made their first contribution in [https://github.com/PyCQA/bandit/pull/917](https://togithub.com/PyCQA/bandit/pull/917)
- [@jlosito](https://togithub.com/jlosito) made their first contribution in [https://github.com/PyCQA/bandit/pull/989](https://togithub.com/PyCQA/bandit/pull/989)
- [@KOLANICH](https://togithub.com/KOLANICH) made their first contribution in [https://github.com/PyCQA/bandit/pull/985](https://togithub.com/PyCQA/bandit/pull/985)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5
### Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: 1.7.4 -> 1.7.5