networktocode / diffsync

A utility library for comparing and synchronizing different datasets.
https://diffsync.readthedocs.io/

chore(deps): update dependency bandit to v1.7.10 #217

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| bandit (source, changelog) | `1.7.4` -> `1.7.10` | age | adoption | passing | confidence |

Release Notes

PyCQA/bandit (bandit)

### [`v1.7.10`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.10)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.9...1.7.10)

#### What's Changed

- Bump docker/build-push-action from 5.4.0 to 6.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1147](https://redirect.github.com/PyCQA/bandit/pull/1147)
- Suggested small refactors in assignments by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1150](https://redirect.github.com/PyCQA/bandit/pull/1150)
- Performance improvement in blacklist function by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1148](https://redirect.github.com/PyCQA/bandit/pull/1148)
- Add test for usage of FTP_TLS by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1149](https://redirect.github.com/PyCQA/bandit/pull/1149)
- New check: B113: TrojanSource - Bidirectional control characters by [@Lucas-C](https://redirect.github.com/Lucas-C) in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757)
- Bump docker/build-push-action from 6.0.0 to 6.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1152](https://redirect.github.com/PyCQA/bandit/pull/1152)
- feat(plugins): add support for `httpx` in `B113` by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1060](https://redirect.github.com/PyCQA/bandit/pull/1060)
- Nit: remove unused variable by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1153](https://redirect.github.com/PyCQA/bandit/pull/1153)
- Add recent releases to version choice in bug report by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1151](https://redirect.github.com/PyCQA/bandit/pull/1151)
- Bump docker/build-push-action from 6.1.0 to 6.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1155](https://redirect.github.com/PyCQA/bandit/pull/1155)
- Bump docker/build-push-action from 6.2.0 to 6.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1157](https://redirect.github.com/PyCQA/bandit/pull/1157)
- Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1156](https://redirect.github.com/PyCQA/bandit/pull/1156)
- Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1158](https://redirect.github.com/PyCQA/bandit/pull/1158)
- Bump docker/login-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1159](https://redirect.github.com/PyCQA/bandit/pull/1159)
- Bump docker/build-push-action from 6.3.0 to 6.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1160](https://redirect.github.com/PyCQA/bandit/pull/1160)
- Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1163](https://redirect.github.com/PyCQA/bandit/pull/1163)
- Bump docker/build-push-action from 6.5.0 to 6.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1166](https://redirect.github.com/PyCQA/bandit/pull/1166)
- Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1165](https://redirect.github.com/PyCQA/bandit/pull/1165)
- Bump docker/build-push-action from 6.6.1 to 6.7.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1168](https://redirect.github.com/PyCQA/bandit/pull/1168)
- Use consistent file naming of docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1170](https://redirect.github.com/PyCQA/bandit/pull/1170)
- Pytorch Load / Save Plugin by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1114](https://redirect.github.com/PyCQA/bandit/pull/1114)

#### New Contributors

- [@Lucas-C](https://redirect.github.com/Lucas-C) made their first contribution in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.9...1.7.10

### [`v1.7.9`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://redirect.github.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://redirect.github.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://redirect.github.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://redirect.github.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://redirect.github.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://redirect.github.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://redirect.github.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://redirect.github.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://redirect.github.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://redirect.github.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://redirect.github.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://redirect.github.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://redirect.github.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://redirect.github.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://redirect.github.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://redirect.github.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://redirect.github.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://redirect.github.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://redirect.github.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://redirect.github.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://redirect.github.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by [@bersbersbers](https://redirect.github.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)

#### New Contributors

- [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- [@bersbersbers](https://redirect.github.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

### [`v1.7.8`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.8)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.7...1.7.8)

#### What's Changed

- Incorrect tag naming in readme by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://redirect.github.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://redirect.github.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://redirect.github.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://redirect.github.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://redirect.github.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://redirect.github.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://redirect.github.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://redirect.github.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://redirect.github.com/PyCQA/bandit/pull/1113)

#### New Contributors

- [@etienneschalk](https://redirect.github.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://redirect.github.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

### [`v1.7.7`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.7)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.6...1.7.7)

#### What's Changed

- Add the new release to bandit versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://redirect.github.com/PyCQA/bandit/pull/1075)
- Bump actions/setup-python from 4 to 5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://redirect.github.com/PyCQA/bandit/pull/1076)
- Handle variant in how policy is passed in paramiko by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://redirect.github.com/PyCQA/bandit/pull/1078)
- Flag str.replace as possible sql injection by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://redirect.github.com/PyCQA/bandit/pull/1044)
- defusedxml: Show correct module name by [@kajinamit](https://redirect.github.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)
- Add tidelift to the sponsor funding list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://redirect.github.com/PyCQA/bandit/pull/1089)
- Create a security policy by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://redirect.github.com/PyCQA/bandit/pull/1091)
- Fix up issues found running Bandit on itself by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://redirect.github.com/PyCQA/bandit/pull/1093)
- Add random.randbytes to blacklist calls by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://redirect.github.com/PyCQA/bandit/pull/1096)
- Prepend ./ for files specified as CLI args by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://redirect.github.com/PyCQA/bandit/pull/1094)
- Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://redirect.github.com/PyCQA/bandit/pull/1099)
- Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://redirect.github.com/PyCQA/bandit/pull/1101)
- Introduce Official Bandit Images by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://redirect.github.com/PyCQA/bandit/pull/1088)
- Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://redirect.github.com/PyCQA/bandit/pull/1103)
- Downsize the org:repo name by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://redirect.github.com/PyCQA/bandit/pull/1104)

#### New Contributors

- [@kajinamit](https://redirect.github.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

### [`v1.7.6`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.6)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.5...1.7.6)

#### What's Changed

- Update bug report to include version 1.7.5 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://redirect.github.com/PyCQA/bandit/pull/993)
- Render Python 3.10 in drop down correctly by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://redirect.github.com/PyCQA/bandit/pull/997)
- Remove checks for Python2 urllib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://redirect.github.com/PyCQA/bandit/pull/999)
- Improper detection of non-requests module by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://redirect.github.com/PyCQA/bandit/pull/1011)
- xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://redirect.github.com/PyCQA/bandit/pull/1012)
- language and linting updates by [@marksmayo](https://redirect.github.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015)
- Adds check for crypt module usage as weak hash by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://redirect.github.com/PyCQA/bandit/pull/1018)
- Switch to tox 4 by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://redirect.github.com/PyCQA/bandit/pull/1020)
- Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://redirect.github.com/PyCQA/bandit/pull/1021)
- Update versions of used GitHub Actions by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://redirect.github.com/PyCQA/bandit/pull/1024)
- Update pre-commit hooks by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://redirect.github.com/PyCQA/bandit/pull/1026)
- Add `random.Random` to B311 checks by [@shiftinv](https://redirect.github.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940)
- Add a copy button to all code snippets in docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://redirect.github.com/PyCQA/bandit/pull/1030)
- Replace pbr in favor of importlib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://redirect.github.com/PyCQA/bandit/pull/1016)
- Switch from open collective to PSF by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://redirect.github.com/PyCQA/bandit/pull/1031)
- Make pre-commit run Bandit hook using a single process by [@Klavionik](https://redirect.github.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029)
- Remove support for Python 3.7 due to end-of-life by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://redirect.github.com/PyCQA/bandit/pull/1034)
- Update asserts.py documentation by [@deronnax](https://redirect.github.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036)
- Simplify `wrap_file_object` by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://redirect.github.com/PyCQA/bandit/pull/1037)
- django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://redirect.github.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765)
- Avoid gitpython CVE-2022-24439 by [@carlosduelo](https://redirect.github.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048)
- Update blacklist call documentation by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045)
- Support ignoring blacklists by name by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://redirect.github.com/PyCQA/bandit/pull/1046)
- Fix dependabot to update github actions by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://redirect.github.com/PyCQA/bandit/pull/1057)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058)
- Fix for ReadtheDocs build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://redirect.github.com/PyCQA/bandit/pull/1061)
- fix(plugins/B507): also detect class instances by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://redirect.github.com/PyCQA/bandit/pull/1064)
- Use mirror repository for black pre-commit hook by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://redirect.github.com/PyCQA/bandit/pull/1070)
- Add official support of Python 3.12 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://redirect.github.com/PyCQA/bandit/pull/1068)
- Fix crash on pyproject.toml without bandit config by [@javajawa](https://redirect.github.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073)
- refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://redirect.github.com/PyCQA/bandit/pull/1066)
- Fixes for sphinx build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://redirect.github.com/PyCQA/bandit/pull/1063)

#### New Contributors

- [@marksmayo](https://redirect.github.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015)
- [@shiftinv](https://redirect.github.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940)
- [@Klavionik](https://redirect.github.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029)
- [@deronnax](https://redirect.github.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036)
- [@kevinmarsh](https://redirect.github.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765)
- [@carlosduelo](https://redirect.github.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048)
- [@costaparas](https://redirect.github.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045)
- [@dependabot](https://redirect.github.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058)
- [@javajawa](https://redirect.github.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

### [`v1.7.5`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.5)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.4...1.7.5)

#### What's Changed

- Add an example screen shot of Bandit to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/847](https://redirect.github.com/PyCQA/bandit/pull/847)
- Bad link to screen shot by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/848](https://redirect.github.com/PyCQA/bandit/pull/848)
- Use a constant for weak hashes by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/850](https://redirect.github.com/PyCQA/bandit/pull/850)
- Group location line with code output by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/822](https://redirect.github.com/PyCQA/bandit/pull/822)
- Fix line range using Python 3.8 end_lineno by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/821](https://redirect.github.com/PyCQA/bandit/pull/821)
- Add classifier to indicate Py3 only by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/853](https://redirect.github.com/PyCQA/bandit/pull/853)
- Removal of blacklist call B309 httpsconnection by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/858](https://redirect.github.com/PyCQA/bandit/pull/858)
- Remove blacklist call check for os.tempnam by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/859](https://redirect.github.com/PyCQA/bandit/pull/859)
- Indicate hash type in message by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/860](https://redirect.github.com/PyCQA/bandit/pull/860)
- Add the httpx module check for verify by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/861](https://redirect.github.com/PyCQA/bandit/pull/861)
- Add doc for hashlib plugin by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/862](https://redirect.github.com/PyCQA/bandit/pull/862)
- Make use of rich for progress bar by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/863](https://redirect.github.com/PyCQA/bandit/pull/863)
- Replace `toml` with `tomli` by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/829](https://redirect.github.com/PyCQA/bandit/pull/829)
- Fix up B109 and B111 removed plugins docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/864](https://redirect.github.com/PyCQA/bandit/pull/864)
- add check for "requests" calls without timeout by [@mschfh](https://redirect.github.com/mschfh) in [https://github.com/PyCQA/bandit/pull/743](https://redirect.github.com/PyCQA/bandit/pull/743)
- Fix for build breaks in format job by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/869](https://redirect.github.com/PyCQA/bandit/pull/869)
- Add license and contributing links to docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/867](https://redirect.github.com/PyCQA/bandit/pull/867)
- Remove redundant word Bandit in titles of sections by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/873](https://redirect.github.com/PyCQA/bandit/pull/873)
- Add request for feedback via 👍 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/871](https://redirect.github.com/PyCQA/bandit/pull/871)
- Add a Discord link to the docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/870](https://redirect.github.com/PyCQA/bandit/pull/870)
- Adding logging.config.listen() plugin with examples by [@raj3shp](https://redirect.github.com/raj3shp) in [https://github.com/PyCQA/bandit/pull/874](https://redirect.github.com/PyCQA/bandit/pull/874)
- Removal of ghugo by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/881](https://redirect.github.com/PyCQA/bandit/pull/881)
- Remove redundant pip line by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/884](https://redirect.github.com/PyCQA/bandit/pull/884)
- Corrected documentation on configuration by [@a-takahashi223](https://redirect.github.com/a-takahashi223) in [https://github.com/PyCQA/bandit/pull/868](https://redirect.github.com/PyCQA/bandit/pull/868)
- Start testing against Python 3.11 by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/887](https://redirect.github.com/PyCQA/bandit/pull/887)
- Add myself to sponsor list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/885](https://redirect.github.com/PyCQA/bandit/pull/885)
- Add Discord link to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/875](https://redirect.github.com/PyCQA/bandit/pull/875)
- Update action versions in Actions workflows ([#890](https://redirect.github.com/PyCQA/bandit/issues/890)) by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/893](https://redirect.github.com/PyCQA/bandit/pull/893)
- Add dependency review action by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/891](https://redirect.github.com/PyCQA/bandit/pull/891)
- Fix an unclosed tag in HTML formatter by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/896](https://redirect.github.com/PyCQA/bandit/pull/896)
- 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by [@rajaramsrn](https://redirect.github.com/rajaramsrn) in [https://github.com/PyCQA/bandit/pull/897](https://redirect.github.com/PyCQA/bandit/pull/897)
- Make small fixes in docs by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/899](https://redirect.github.com/PyCQA/bandit/pull/899)
- Specify semver range for Python 3.11 by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/901](https://redirect.github.com/PyCQA/bandit/pull/901)
- Add another bad example of yaml load by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/905](https://redirect.github.com/PyCQA/bandit/pull/905)
- Add releases link in "Version control integration" by [@travisjungroth](https://redirect.github.com/travisjungroth) in [https://github.com/PyCQA/bandit/pull/909](https://redirect.github.com/PyCQA/bandit/pull/909)
- Update version of dependency-review-action by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/911](https://redirect.github.com/PyCQA/bandit/pull/911)
- Avoid redundant message if debug on by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/913](https://redirect.github.com/PyCQA/bandit/pull/913)
- Remove invalid checking on hashlib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/914](https://redirect.github.com/PyCQA/bandit/pull/914)
- Add some missing curve types by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/920](https://redirect.github.com/PyCQA/bandit/pull/920)
- add jsonpickle deserialization blacklist by [@SugarP1g](https://redirect.github.com/SugarP1g) in [https://github.com/PyCQA/bandit/pull/707](https://redirect.github.com/PyCQA/bandit/pull/707)
- Fix reading the number argument from config file by [@KAUTH](https://redirect.github.com/KAUTH) in [https://github.com/PyCQA/bandit/pull/923](https://redirect.github.com/PyCQA/bandit/pull/923)
- Add end_col_offset if available by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/851](https://redirect.github.com/PyCQA/bandit/pull/851)
- Enhancement Proposal: Plugin "assert_used" config-skip snippet by [@marianomartinelli](https://redirect.github.com/marianomartinelli) in [https://github.com/PyCQA/bandit/pull/695](https://redirect.github.com/PyCQA/bandit/pull/695)
- Blacklist pandas read_pickle and add functional test for it by [@jaspersival](https://redirect.github.com/jaspersival) in [https://github.com/PyCQA/bandit/pull/710](https://redirect.github.com/PyCQA/bandit/pull/710)
- Docs for request without timeout has dead link by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/925](https://redirect.github.com/PyCQA/bandit/pull/925)
- Add case for global exec by [@tonybaloney](https://redirect.github.com/tonybaloney) in [https://github.com/PyCQA/bandit/pull/570](https://redirect.github.com/PyCQA/bandit/pull/570)
- Fix a false positive condition yaml_load by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/927](https://redirect.github.com/PyCQA/bandit/pull/927)
- Fix issue [#453](https://redirect.github.com/PyCQA/bandit/issues/453) jinja2 template select_autoescape when using jinja2.select_autoescape by [@kinow](https://redirect.github.com/kinow) in [https://github.com/PyCQA/bandit/pull/454](https://redirect.github.com/PyCQA/bandit/pull/454)
- Adding tarfile.extractall() plugin with examples by [@yilmi](https://redirect.github.com/yilmi) in [https://github.com/PyCQA/bandit/pull/549](https://redirect.github.com/PyCQA/bandit/pull/549)
- Check for deprecated TLS 1.1 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/928](https://redirect.github.com/PyCQA/bandit/pull/928)
- weak_cryptographic_key assumes positional arg by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/930](https://redirect.github.com/PyCQA/bandit/pull/930)
- Fix filename of B202 in docs by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/932](https://redirect.github.com/PyCQA/bandit/pull/932)
- Remove python 2 reference in docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/933](https://redirect.github.com/PyCQA/bandit/pull/933)
- Pass correct number of arguments to match the `%s` placeholders. by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/934](https://redirect.github.com/PyCQA/bandit/pull/934)
- Fixup some invalid pickle testing by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/924](https://redirect.github.com/PyCQA/bandit/pull/924)
- Fix json and yaml formatters to respect num lines by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/929](https://redirect.github.com/PyCQA/bandit/pull/929)
- Fix AttributeError on detect of tuple assign condition by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/931](https://redirect.github.com/PyCQA/bandit/pull/931)
- \[docs] Mention `exclude_dirs` option available in TOML and YAML by [@bittner](https://redirect.github.com/bittner) in [https://github.com/PyCQA/bandit/pull/876](https://redirect.github.com/PyCQA/bandit/pull/876)
- Typo fix by [@PermanAtayev](https://redirect.github.com/PermanAtayev) in [https://github.com/PyCQA/bandit/pull/945](https://redirect.github.com/PyCQA/bandit/pull/945)
- remove py2 exec example in docs by [@clavedeluna](https://redirect.github.com/clavedeluna) in [https://github.com/PyCQA/bandit/pull/947](https://redirect.github.com/PyCQA/bandit/pull/947)
- Add official Python 3.11 support by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/964](https://redirect.github.com/PyCQA/bandit/pull/964)
- DOC: Add explanation on how to use pre-commit with config file by [@phofl](https://redirect.github.com/phofl) in [https://github.com/PyCQA/bandit/pull/968](https://redirect.github.com/PyCQA/bandit/pull/968)
- Fix breaking build due to new tox by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/983](https://redirect.github.com/PyCQA/bandit/pull/983)
- Correct build status badge in README by [@gliptak](https://redirect.github.com/gliptak) in
[https://github.com/PyCQA/bandit/pull/980](https://redirect.github.com/PyCQA/bandit/pull/980) - Improve detecting SQL injections in f-strings by [@​kfrydel](https://redirect.github.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/917](https://redirect.github.com/PyCQA/bandit/pull/917) - Improve handling nosec for multi-line strings by [@​kfrydel](https://redirect.github.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/915](https://redirect.github.com/PyCQA/bandit/pull/915) - Check for github action updates monthly by [@​jlosito](https://redirect.github.com/jlosito) in [https://github.com/PyCQA/bandit/pull/989](https://redirect.github.com/PyCQA/bandit/pull/989) - Added a bit more `project_urls` by [@​KOLANICH](https://redirect.github.com/KOLANICH) in [https://github.com/PyCQA/bandit/pull/985](https://redirect.github.com/PyCQA/bandit/pull/985) #### New Contributors - [@​mschfh](https://redirect.github.com/mschfh) made their first contribution in [https://github.com/PyCQA/bandit/pull/743](https://redirect.github.com/PyCQA/bandit/pull/743) - [@​raj3shp](https://redirect.github.com/raj3shp) made their first contribution in [https://github.com/PyCQA/bandit/pull/874](https://redirect.github.com/PyCQA/bandit/pull/874) - [@​a-takahashi223](https://redirect.github.com/a-takahashi223) made their first contribution in [https://github.com/PyCQA/bandit/pull/868](https://redirect.github.com/PyCQA/bandit/pull/868) - [@​mportesdev](https://redirect.github.com/mportesdev) made their first contribution in [https://github.com/PyCQA/bandit/pull/893](https://redirect.github.com/PyCQA/bandit/pull/893) - [@​rajaramsrn](https://redirect.github.com/rajaramsrn) made their first contribution in [https://github.com/PyCQA/bandit/pull/897](https://redirect.github.com/PyCQA/bandit/pull/897) - [@​travisjungroth](https://redirect.github.com/travisjungroth) made their first contribution in [https://github.com/PyCQA/bandit/pull/909](https://redirect.github.com/PyCQA/bandit/pull/909) - 
[@​SugarP1g](https://redirect.github.com/SugarP1g) made their first contribution in [https://github.com/PyCQA/bandit/pull/707](https://redirect.github.com/PyCQA/bandit/pull/707) - [@​KAUTH](https://redirect.github.com/KAUTH) made their first contribution in [https://github.com/PyCQA/bandit/pull/923](https://redirect.github.com/PyCQA/bandit/pull/923) - [@​marianomartinelli](https://redirect.github.com/marianomartinelli) made their first contribution in [https://github.com/PyCQA/bandit/pull/695](https://redirect.github.com/PyCQA/bandit/pull/695) - [@​jaspersival](https://redirect.github.com/jaspersival) made their first contribution in [https://github.com/PyCQA/bandit/pull/710](https://redirect.github.com/PyCQA/bandit/pull/710) - [@​kinow](https://redirect.github.com/kinow) made their first contribution in [https://github.com/PyCQA/bandit/pull/454](https://redirect.github.com/PyCQA/bandit/pull/454) - [@​yilmi](https://redirect.github.com/yilmi) made their first contribution in [https://github.com/PyCQA/bandit/pull/549](https://redirect.github.com/PyCQA/bandit/pull/549) - [@​PermanAtayev](https://redirect.github.com/PermanAtayev) made their first contribution in [https://github.com/PyCQA/bandit/pull/945](https://redirect.github.com/PyCQA/bandit/pull/945) - [@​clavedeluna](https://redirect.github.com/clavedeluna) made their first contribution in [https://github.com/PyCQA/bandit/pull/947](https://redirect.github.com/PyCQA/bandit/pull/947) - [@​phofl](https://redirect.github.com/phofl) made their first contribution in [https://github.com/PyCQA/bandit/pull/968](https://redirect.github.com/PyCQA/bandit/pull/968) - [@​gliptak](https://redirect.github.com/gliptak) made their first contribution in [https://github.com/PyCQA/bandit/pull/980](https://redirect.github.com/PyCQA/bandit/pull/980) - [@​kfrydel](https://redirect.github.com/kfrydel) made their first contribution in [https://github.com/PyCQA/bandit/pull/917](https://redirect.github.com/PyCQA/bandit/pull/917) - 
[@​jlosito](https://redirect.github.com/jlosito) made their first contribution in [https://github.com/PyCQA/bandit/pull/989](https://redirect.github.com/PyCQA/bandit/pull/989) - [@​KOLANICH](https://redirect.github.com/KOLANICH) made their first contribution in [https://github.com/PyCQA/bandit/pull/985](https://redirect.github.com/PyCQA/bandit/pull/985) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

- [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.