Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
PyCQA/bandit (PyCQA/bandit)
### [`v1.7.6`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.6)
[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.5...1.7.6)
#### What's Changed
- Update bug report to include version 1.7.5 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://togithub.com/PyCQA/bandit/pull/993)
- Render Python 3.10 in drop down correctly by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://togithub.com/PyCQA/bandit/pull/997)
- Remove checks for Python2 urllib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://togithub.com/PyCQA/bandit/pull/999)
- Improper detection of non-requests module by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://togithub.com/PyCQA/bandit/pull/1011)
- xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://togithub.com/PyCQA/bandit/pull/1012)
- language and linting updates by [@marksmayo](https://togithub.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015)
- Adds check for crypt module usage as weak hash by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://togithub.com/PyCQA/bandit/pull/1018)
- Switch to tox 4 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://togithub.com/PyCQA/bandit/pull/1020)
- Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://togithub.com/PyCQA/bandit/pull/1021)
- Update versions of used GitHub Actions by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://togithub.com/PyCQA/bandit/pull/1024)
- Update pre-commit hooks by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://togithub.com/PyCQA/bandit/pull/1026)
- Add `random.Random` to B311 checks by [@shiftinv](https://togithub.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940)
- Add a copy button to all code snippets in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://togithub.com/PyCQA/bandit/pull/1030)
- Replace pbr in favor of importlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://togithub.com/PyCQA/bandit/pull/1016)
- Switch from open collective to PSF by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://togithub.com/PyCQA/bandit/pull/1031)
- Make pre-commit run Bandit hook using a single process by [@Klavionik](https://togithub.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029)
- Remove support for Python 3.7 due to end-of-life by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://togithub.com/PyCQA/bandit/pull/1034)
- Update asserts.py documentation by [@deronnax](https://togithub.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036)
- Simplify `wrap_file_object` by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://togithub.com/PyCQA/bandit/pull/1037)
- django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://togithub.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765)
- Avoid gitpyhon CVE-2022-24439 by [@carlosduelo](https://togithub.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048)
- Update blacklist call documentation by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045)
- Support ignoring blacklists by name by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://togithub.com/PyCQA/bandit/pull/1046)
- Fix dependabot to update github actions by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://togithub.com/PyCQA/bandit/pull/1057)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058)
- Fix for ReadtheDocs build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://togithub.com/PyCQA/bandit/pull/1061)
- fix(plugins/B507): also detect class instances by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://togithub.com/PyCQA/bandit/pull/1064)
- Use mirror repository for black pre-commit hook by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://togithub.com/PyCQA/bandit/pull/1070)
- Add official support of Python 3.12 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://togithub.com/PyCQA/bandit/pull/1068)
- Fix crash on pyproject.toml without bandit config by [@javajawa](https://togithub.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073)
- refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://togithub.com/PyCQA/bandit/pull/1066)
- Fixes for sphinx build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://togithub.com/PyCQA/bandit/pull/1063)
#### New Contributors
- [@marksmayo](https://togithub.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015)
- [@shiftinv](https://togithub.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940)
- [@Klavionik](https://togithub.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029)
- [@deronnax](https://togithub.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036)
- [@kevinmarsh](https://togithub.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765)
- [@carlosduelo](https://togithub.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048)
- [@costaparas](https://togithub.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045)
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058)
- [@javajawa](https://togithub.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6
psf/black (psf/black)
### [`v23.11.0`](https://togithub.com/psf/black/blob/HEAD/CHANGES.md#23110)
[Compare Source](https://togithub.com/psf/black/compare/23.10.1...23.11.0)
##### Highlights
- Support formatting ranges of lines with the new `--line-ranges` command-line option
([#4020](https://togithub.com/psf/black/issues/4020))
##### Stable style
- Fix crash on formatting bytes strings that look like docstrings ([#4003](https://togithub.com/psf/black/issues/4003))
- Fix crash when whitespace followed a backslash before newline in a docstring ([#4008](https://togithub.com/psf/black/issues/4008))
- Fix standalone comments inside complex blocks crashing Black ([#4016](https://togithub.com/psf/black/issues/4016))
- Fix crash on formatting code like `await (a ** b)` ([#3994](https://togithub.com/psf/black/issues/3994))
- No longer treat leading f-strings as docstrings. This matches Python's behaviour and
fixes a crash ([#4019](https://togithub.com/psf/black/issues/4019))
##### Preview style
- Multiline dicts and lists that are the sole argument to a function are now indented
less ([#3964](https://togithub.com/psf/black/issues/3964))
- Multiline unpacked dicts and lists as the sole argument to a function are now also
indented less ([#3992](https://togithub.com/psf/black/issues/3992))
- In f-string debug expressions, quote types that are visible in the final string are
now preserved ([#4005](https://togithub.com/psf/black/issues/4005))
- Fix a bug where long `case` blocks were not split into multiple lines. Also enable
general trailing comma rules on `case` blocks ([#4024](https://togithub.com/psf/black/issues/4024))
- Keep requiring two empty lines between module-level docstring and first function or
class definition ([#4028](https://togithub.com/psf/black/issues/4028))
- Add support for single-line format skip with other comments on the same line ([#3959](https://togithub.com/psf/black/issues/3959))
##### Configuration
- Consistently apply force exclusion logic before resolving symlinks ([#4015](https://togithub.com/psf/black/issues/4015))
- Fix a bug in the matching of absolute path names in `--include` ([#3976](https://togithub.com/psf/black/issues/3976))
##### Performance
- Fix mypyc builds on arm64 on macOS ([#4017](https://togithub.com/psf/black/issues/4017))
##### Integrations
- Black's pre-commit integration will now run only on git hooks appropriate for a code
formatter ([#3940](https://togithub.com/psf/black/issues/3940))
Configuration
📅 Schedule: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
1.7.5
->1.7.6
23.10.1
->23.11.0
Note: The
pre-commit
manager in Renovate is not supported by thepre-commit
maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.Release Notes
PyCQA/bandit (PyCQA/bandit)
### [`v1.7.6`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.6) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.5...1.7.6) #### What's Changed - Update bug report to include version 1.7.5 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://togithub.com/PyCQA/bandit/pull/993) - Render Python 3.10 in drop down correctly by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://togithub.com/PyCQA/bandit/pull/997) - Remove checks for Python2 urllib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://togithub.com/PyCQA/bandit/pull/999) - Improper detection of non-requests module by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://togithub.com/PyCQA/bandit/pull/1011) - xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://togithub.com/PyCQA/bandit/pull/1012) - language and linting updates by [@marksmayo](https://togithub.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015) - Adds check for crypt module usage as weak hash by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://togithub.com/PyCQA/bandit/pull/1018) - Switch to tox 4 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://togithub.com/PyCQA/bandit/pull/1020) - Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://togithub.com/PyCQA/bandit/pull/1021) - Update versions of used GitHub Actions by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://togithub.com/PyCQA/bandit/pull/1024) - Update pre-commit hooks by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://togithub.com/PyCQA/bandit/pull/1026) - Add `random.Random` to B311 checks by [@shiftinv](https://togithub.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940) - Add a copy button to all code snippets in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://togithub.com/PyCQA/bandit/pull/1030) - Replace pbr in favor of importlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://togithub.com/PyCQA/bandit/pull/1016) - Switch from open collective to PSF by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://togithub.com/PyCQA/bandit/pull/1031) - Make pre-commit run Bandit hook using a single process by [@Klavionik](https://togithub.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029) - Remove support for Python 3.7 due to end-of-life by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://togithub.com/PyCQA/bandit/pull/1034) - Update asserts.py documentation by [@deronnax](https://togithub.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036) - Simplify `wrap_file_object` by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://togithub.com/PyCQA/bandit/pull/1037) - django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://togithub.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765) - Avoid gitpyhon CVE-2022-24439 by [@carlosduelo](https://togithub.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048) - Update blacklist call documentation by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045) - Support ignoring blacklists by name by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://togithub.com/PyCQA/bandit/pull/1046) - Fix dependabot to update github actions by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://togithub.com/PyCQA/bandit/pull/1057) - Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058) - Fix for ReadtheDocs build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://togithub.com/PyCQA/bandit/pull/1061) - fix(plugins/B507): also detect class instances by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://togithub.com/PyCQA/bandit/pull/1064) - Use mirror repository for black pre-commit hook by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://togithub.com/PyCQA/bandit/pull/1070) - Add official support of Python 3.12 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://togithub.com/PyCQA/bandit/pull/1068) - Fix crash on pyproject.toml without bandit config by [@javajawa](https://togithub.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073) - refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://togithub.com/PyCQA/bandit/pull/1066) - Fixes for sphinx build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://togithub.com/PyCQA/bandit/pull/1063) #### New Contributors - [@marksmayo](https://togithub.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015) - [@shiftinv](https://togithub.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940) - [@Klavionik](https://togithub.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029) - [@deronnax](https://togithub.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036) - [@kevinmarsh](https://togithub.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765) - [@carlosduelo](https://togithub.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048) - [@costaparas](https://togithub.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045) - [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058) - [@javajawa](https://togithub.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6psf/black (psf/black)
### [`v23.11.0`](https://togithub.com/psf/black/blob/HEAD/CHANGES.md#23110) [Compare Source](https://togithub.com/psf/black/compare/23.10.1...23.11.0) ##### Highlights - Support formatting ranges of lines with the new `--line-ranges` command-line option ([#4020](https://togithub.com/psf/black/issues/4020)) ##### Stable style - Fix crash on formatting bytes strings that look like docstrings ([#4003](https://togithub.com/psf/black/issues/4003)) - Fix crash when whitespace followed a backslash before newline in a docstring ([#4008](https://togithub.com/psf/black/issues/4008)) - Fix standalone comments inside complex blocks crashing Black ([#4016](https://togithub.com/psf/black/issues/4016)) - Fix crash on formatting code like `await (a ** b)` ([#3994](https://togithub.com/psf/black/issues/3994)) - No longer treat leading f-strings as docstrings. This matches Python's behaviour and fixes a crash ([#4019](https://togithub.com/psf/black/issues/4019)) ##### Preview style - Multiline dicts and lists that are the sole argument to a function are now indented less ([#3964](https://togithub.com/psf/black/issues/3964)) - Multiline unpacked dicts and lists as the sole argument to a function are now also indented less ([#3992](https://togithub.com/psf/black/issues/3992)) - In f-string debug expressions, quote types that are visible in the final string are now preserved ([#4005](https://togithub.com/psf/black/issues/4005)) - Fix a bug where long `case` blocks were not split into multiple lines. Also enable general trailing comma rules on `case` blocks ([#4024](https://togithub.com/psf/black/issues/4024)) - Keep requiring two empty lines between module-level docstring and first function or class definition ([#4028](https://togithub.com/psf/black/issues/4028)) - Add support for single-line format skip with other comments on the same line ([#3959](https://togithub.com/psf/black/issues/3959)) ##### Configuration - Consistently apply force exclusion logic before resolving symlinks ([#4015](https://togithub.com/psf/black/issues/4015)) - Fix a bug in the matching of absolute path names in `--include` ([#3976](https://togithub.com/psf/black/issues/3976)) ##### Performance - Fix mypyc builds on arm64 on macOS ([#4017](https://togithub.com/psf/black/issues/4017)) ##### Integrations - Black's pre-commit integration will now run only on git hooks appropriate for a code formatter ([#3940](https://togithub.com/psf/black/issues/3940))Configuration
📅 Schedule: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.