PyCQA/bandit (bandit)
### [`v1.7.10`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.10)
[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.9...1.7.10)
#### What's Changed
- Bump docker/build-push-action from 5.4.0 to 6.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1147](https://redirect.github.com/PyCQA/bandit/pull/1147)
- Suggested small refactors in assignments by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1150](https://redirect.github.com/PyCQA/bandit/pull/1150)
- Performance improvement in blacklist function by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1148](https://redirect.github.com/PyCQA/bandit/pull/1148)
- Add test for usage of FTP_TLS by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1149](https://redirect.github.com/PyCQA/bandit/pull/1149)
- New check: B113: TrojanSource - Bidirectional control characters by [@Lucas-C](https://redirect.github.com/Lucas-C) in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757)
- Bump docker/build-push-action from 6.0.0 to 6.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1152](https://redirect.github.com/PyCQA/bandit/pull/1152)
- feat(plugins): add support for `httpx` in `B113` by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1060](https://redirect.github.com/PyCQA/bandit/pull/1060)
- Nit: remove unused variable by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1153](https://redirect.github.com/PyCQA/bandit/pull/1153)
- Add recent releases to version choice in bug report by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1151](https://redirect.github.com/PyCQA/bandit/pull/1151)
- Bump docker/build-push-action from 6.1.0 to 6.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1155](https://redirect.github.com/PyCQA/bandit/pull/1155)
- Bump docker/build-push-action from 6.2.0 to 6.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1157](https://redirect.github.com/PyCQA/bandit/pull/1157)
- Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1156](https://redirect.github.com/PyCQA/bandit/pull/1156)
- Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1158](https://redirect.github.com/PyCQA/bandit/pull/1158)
- Bump docker/login-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1159](https://redirect.github.com/PyCQA/bandit/pull/1159)
- Bump docker/build-push-action from 6.3.0 to 6.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1160](https://redirect.github.com/PyCQA/bandit/pull/1160)
- Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1163](https://redirect.github.com/PyCQA/bandit/pull/1163)
- Bump docker/build-push-action from 6.5.0 to 6.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1166](https://redirect.github.com/PyCQA/bandit/pull/1166)
- Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1165](https://redirect.github.com/PyCQA/bandit/pull/1165)
- Bump docker/build-push-action from 6.6.1 to 6.7.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1168](https://redirect.github.com/PyCQA/bandit/pull/1168)
- Use consistent file naming of docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1170](https://redirect.github.com/PyCQA/bandit/pull/1170)
- Pytorch Load / Save Plugin by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1114](https://redirect.github.com/PyCQA/bandit/pull/1114)
#### New Contributors
- [@Lucas-C](https://redirect.github.com/Lucas-C) made their first contribution in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.9...1.7.10
### [`v1.7.9`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.9)
[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.8...1.7.9)
#### What's Changed
- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://redirect.github.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://redirect.github.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://redirect.github.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://redirect.github.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://redirect.github.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://redirect.github.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://redirect.github.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://redirect.github.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://redirect.github.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://redirect.github.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://redirect.github.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://redirect.github.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://redirect.github.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://redirect.github.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://redirect.github.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://redirect.github.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://redirect.github.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://redirect.github.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://redirect.github.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://redirect.github.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://redirect.github.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by [@bersbersbers](https://redirect.github.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)
#### New Contributors
- [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- [@bersbersbers](https://redirect.github.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9
### [`v1.7.8`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.8)
[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.7...1.7.8)
#### What's Changed
- Incorrect tag naming in readme by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://redirect.github.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://redirect.github.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://redirect.github.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://redirect.github.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://redirect.github.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://redirect.github.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://redirect.github.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://redirect.github.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://redirect.github.com/PyCQA/bandit/pull/1113)
#### New Contributors
- [@etienneschalk](https://redirect.github.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://redirect.github.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8
### [`v1.7.7`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.7)
[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.6...1.7.7)
#### What's Changed
- Add the new release to bandit versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://redirect.github.com/PyCQA/bandit/pull/1075)
- Bump actions/setup-python from 4 to 5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://redirect.github.com/PyCQA/bandit/pull/1076)
- Handle variant in how policy is passed in paramiko by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://redirect.github.com/PyCQA/bandit/pull/1078)
- Flag str.replace as possible sql injection by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://redirect.github.com/PyCQA/bandit/pull/1044)
- defusedxml: Show correct module name by [@kajinamit](https://redirect.github.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)
- Add tidelift to the sponsor funding list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://redirect.github.com/PyCQA/bandit/pull/1089)
- Create a security policy by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://redirect.github.com/PyCQA/bandit/pull/1091)
- Fix up issues found running Bandit on itself by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://redirect.github.com/PyCQA/bandit/pull/1093)
- Add random.randbytes to blacklist calls by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://redirect.github.com/PyCQA/bandit/pull/1096)
- Prepend ./ for files specified as CLI args by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://redirect.github.com/PyCQA/bandit/pull/1094)
- Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://redirect.github.com/PyCQA/bandit/pull/1099)
- Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://redirect.github.com/PyCQA/bandit/pull/1101)
- Introduce Official Bandit Images by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://redirect.github.com/PyCQA/bandit/pull/1088)
- Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://redirect.github.com/PyCQA/bandit/pull/1103)
- Downsize the org:repo name by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://redirect.github.com/PyCQA/bandit/pull/1104)
#### New Contributors
- [@kajinamit](https://redirect.github.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7
### [`v1.7.6`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.6)
[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.5...1.7.6)
#### What's Changed
- Update bug report to include version 1.7.5 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://redirect.github.com/PyCQA/bandit/pull/993)
- Render Python 3.10 in drop down correctly by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://redirect.github.com/PyCQA/bandit/pull/997)
- Remove checks for Python2 urllib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://redirect.github.com/PyCQA/bandit/pull/999)
- Improper detection of non-requests module by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://redirect.github.com/PyCQA/bandit/pull/1011)
- xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://redirect.github.com/PyCQA/bandit/pull/1012)
- language and linting updates by [@marksmayo](https://redirect.github.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015)
- Adds check for crypt module usage as weak hash by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://redirect.github.com/PyCQA/bandit/pull/1018)
- Switch to tox 4 by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://redirect.github.com/PyCQA/bandit/pull/1020)
- Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://redirect.github.com/PyCQA/bandit/pull/1021)
- Update versions of used GitHub Actions by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://redirect.github.com/PyCQA/bandit/pull/1024)
- Update pre-commit hooks by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://redirect.github.com/PyCQA/bandit/pull/1026)
- Add `random.Random` to B311 checks by [@shiftinv](https://redirect.github.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940)
- Add a copy button to all code snippets in docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://redirect.github.com/PyCQA/bandit/pull/1030)
- Replace pbr in favor of importlib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://redirect.github.com/PyCQA/bandit/pull/1016)
- Switch from open collective to PSF by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://redirect.github.com/PyCQA/bandit/pull/1031)
- Make pre-commit run Bandit hook using a single process by [@Klavionik](https://redirect.github.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029)
- Remove support for Python 3.7 due to end-of-life by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://redirect.github.com/PyCQA/bandit/pull/1034)
- Update asserts.py documentation by [@deronnax](https://redirect.github.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036)
- Simplify `wrap_file_object` by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://redirect.github.com/PyCQA/bandit/pull/1037)
- django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://redirect.github.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765)
- Avoid GitPython CVE-2022-24439 by [@carlosduelo](https://redirect.github.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048)
- Update blacklist call documentation by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045)
- Support ignoring blacklists by name by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://redirect.github.com/PyCQA/bandit/pull/1046)
- Fix dependabot to update github actions by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://redirect.github.com/PyCQA/bandit/pull/1057)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058)
- Fix for ReadtheDocs build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://redirect.github.com/PyCQA/bandit/pull/1061)
- fix(plugins/B507): also detect class instances by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://redirect.github.com/PyCQA/bandit/pull/1064)
- Use mirror repository for black pre-commit hook by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://redirect.github.com/PyCQA/bandit/pull/1070)
- Add official support of Python 3.12 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://redirect.github.com/PyCQA/bandit/pull/1068)
- Fix crash on pyproject.toml without bandit config by [@javajawa](https://redirect.github.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073)
- refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://redirect.github.com/PyCQA/bandit/pull/1066)
- Fixes for sphinx build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://redirect.github.com/PyCQA/bandit/pull/1063)
#### New Contributors
- [@marksmayo](https://redirect.github.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015)
- [@shiftinv](https://redirect.github.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940)
- [@Klavionik](https://redirect.github.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029)
- [@deronnax](https://redirect.github.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036)
- [@kevinmarsh](https://redirect.github.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765)
- [@carlosduelo](https://redirect.github.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048)
- [@costaparas](https://redirect.github.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045)
- [@dependabot](https://redirect.github.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058)
- [@javajawa](https://redirect.github.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6
psf/black (black)
### [`v24.10.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#24100)
[Compare Source](https://redirect.github.com/psf/black/compare/24.8.0...24.10.0)
##### Highlights
- Black is now officially tested with Python 3.13 and provides Python 3.13
mypyc-compiled wheels. ([#4436](https://redirect.github.com/psf/black/issues/4436)) ([#4449](https://redirect.github.com/psf/black/issues/4449))
- Black will issue an error when used with Python 3.12.5, due to an upstream memory
safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please
use Python 3.12.6 or Python 3.12.4 instead. ([#4447](https://redirect.github.com/psf/black/issues/4447))
- Black no longer supports running with Python 3.8 ([#4452](https://redirect.github.com/psf/black/issues/4452))
##### Stable style
- Fix crashes involving comments in parenthesised return types or `X | Y` style unions.
([#4453](https://redirect.github.com/psf/black/issues/4453))
- Fix skipping Jupyter cells with unknown `%%` magic ([#4462](https://redirect.github.com/psf/black/issues/4462))
##### Preview style
- Fix type annotation spacing between \* and more complex type variable tuple (i.e. `def fn(*args: *tuple[*Ts, T]) -> None: pass`) ([#4440](https://redirect.github.com/psf/black/issues/4440))
##### Caching
- Fix bug where the cache was shared between runs with and without `--unstable` ([#4466](https://redirect.github.com/psf/black/issues/4466))
##### Packaging
- Upgrade version of mypyc used to 1.12 beta ([#4450](https://redirect.github.com/psf/black/issues/4450)) ([#4449](https://redirect.github.com/psf/black/issues/4449))
- `blackd` now requires a newer version of aiohttp. ([#4451](https://redirect.github.com/psf/black/issues/4451))
##### Output
- Added Python target version information on parse error ([#4378](https://redirect.github.com/psf/black/issues/4378))
- Add information about Black version to internal error messages ([#4457](https://redirect.github.com/psf/black/issues/4457))
### [`v24.8.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2480)
[Compare Source](https://redirect.github.com/psf/black/compare/24.4.2...24.8.0)
##### Stable style
- Fix crash when `# fmt: off` is used before a closing parenthesis or bracket. ([#4363](https://redirect.github.com/psf/black/issues/4363))
##### Packaging
- Packaging metadata updated: docs are explicitly linked, the issue tracker is now also
linked. This improves the PyPI listing for Black. ([#4345](https://redirect.github.com/psf/black/issues/4345))
##### Parser
- Fix regression where Black failed to parse a multiline f-string containing another
multiline string ([#4339](https://redirect.github.com/psf/black/issues/4339))
- Fix regression where Black failed to parse an escaped single quote inside an f-string
([#4401](https://redirect.github.com/psf/black/issues/4401))
- Fix bug with Black incorrectly parsing empty lines with a backslash ([#4343](https://redirect.github.com/psf/black/issues/4343))
- Fix bugs with Black's tokenizer not handling `\{` inside f-strings very well ([#4422](https://redirect.github.com/psf/black/issues/4422))
- Fix incorrect line numbers in the tokenizer for certain tokens within f-strings
([#4423](https://redirect.github.com/psf/black/issues/4423))
##### Performance
- Improve performance when a large directory is listed in `.gitignore` ([#4415](https://redirect.github.com/psf/black/issues/4415))
##### *Blackd*
- Fix blackd (and all extras installs) for docker container ([#4357](https://redirect.github.com/psf/black/issues/4357))
### [`v24.4.2`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2442)
[Compare Source](https://redirect.github.com/psf/black/compare/24.4.1...24.4.2)
This is a bugfix release to fix two regressions in the new f-string parser introduced in
24.4.1.
##### Parser
- Fix regression where certain complex f-strings failed to parse ([#4332](https://redirect.github.com/psf/black/issues/4332))
##### Performance
- Fix bad performance on certain complex string literals ([#4331](https://redirect.github.com/psf/black/issues/4331))
### [`v24.4.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2441)
[Compare Source](https://redirect.github.com/psf/black/compare/24.4.0...24.4.1)
##### Highlights
- Add support for the new Python 3.12 f-string syntax introduced by PEP 701 ([#3822](https://redirect.github.com/psf/black/issues/3822))
##### Stable style
- Fix crash involving indented dummy functions containing newlines ([#4318](https://redirect.github.com/psf/black/issues/4318))
##### Parser
- Add support for type parameter defaults, a new syntactic feature added to Python 3.13
by PEP 696 ([#4327](https://redirect.github.com/psf/black/issues/4327))
##### Integrations
- GitHub Action now works even when `git archive` is skipped ([#4313](https://redirect.github.com/psf/black/issues/4313))
### [`v24.4.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2440)
[Compare Source](https://redirect.github.com/psf/black/compare/24.3.0...24.4.0)
##### Stable style
- Fix unwanted crashes caused by AST equivalency check ([#4290](https://redirect.github.com/psf/black/issues/4290))
##### Preview style
- `if` guards in `case` blocks are now wrapped in parentheses when the line is too long.
([#4269](https://redirect.github.com/psf/black/issues/4269))
- Stop moving multiline strings to a new line unless inside brackets ([#4289](https://redirect.github.com/psf/black/issues/4289))
##### Integrations
- Add a new option `use_pyproject` to the GitHub Action `psf/black`. This will read the
Black version from `pyproject.toml`. ([#4294](https://redirect.github.com/psf/black/issues/4294))
### [`v24.3.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2430)
[Compare Source](https://redirect.github.com/psf/black/compare/24.2.0...24.3.0)
##### Highlights
This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
[CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503).
This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.
##### Stable style
- Don't move comments along with delimiters, which could cause crashes ([#4248](https://redirect.github.com/psf/black/issues/4248))
- Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. ([#4270](https://redirect.github.com/psf/black/issues/4270))
- Fix a bug where line-ranges exceeding the last code line would not work as expected
([#4273](https://redirect.github.com/psf/black/issues/4273))
##### Performance
- Fix catastrophic performance on docstrings that contain large numbers of leading tab
characters. This fixes
[CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503).
([#4278](https://redirect.github.com/psf/black/issues/4278))
##### Documentation
- Note what happens when `--check` is used with `--quiet` ([#4236](https://redirect.github.com/psf/black/issues/4236))
### [`v24.2.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2420)
[Compare Source](https://redirect.github.com/psf/black/compare/24.1.1...24.2.0)
##### Stable style
- Fixed a bug where comments were mistakenly removed along with redundant parentheses
([#4218](https://redirect.github.com/psf/black/issues/4218))
##### Preview style
- Move the `hug_parens_with_braces_and_square_brackets` feature to the unstable style
due to an outstanding crash and proposed formatting tweaks ([#4198](https://redirect.github.com/psf/black/issues/4198))
- Fixed a bug where base expressions caused inconsistent formatting of \*\* in ternary
expressions ([#4154](https://redirect.github.com/psf/black/issues/4154))
- Checking for newline before adding one on docstring that is almost at the line limit
([#4185](https://redirect.github.com/psf/black/issues/4185))
- Remove redundant parentheses in `case` statement `if` guards ([#4214](https://redirect.github.com/psf/black/issues/4214)).
##### Configuration
- Fix issue where *Black* would ignore input files in the presence of symlinks ([#4222](https://redirect.github.com/psf/black/issues/4222))
- *Black* now ignores `pyproject.toml` that is missing a `tool.black` section when
discovering project root and configuration. Since *Black* continues to use version
control as an indicator of project root, this is expected to primarily change behavior
for users in a monorepo setup (desirably). If you wish to preserve previous behavior,
simply add an empty `[tool.black]` to the previously discovered `pyproject.toml`
([#4204](https://redirect.github.com/psf/black/issues/4204))
##### Output
- Black will swallow any `SyntaxWarning`s or `DeprecationWarning`s produced by the `ast`
module when performing equivalence checks ([#4189](https://redirect.github.com/psf/black/issues/4189))
##### Integrations
- Add a JSONSchema and provide a validate-pyproject entry-point ([#4181](https://redirect.github.com/psf/black/issues/4181))
### [`v24.1.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2411)
[Compare Source](https://redirect.github.com/psf/black/compare/24.1.0...24.1.1)
Bugfix release to fix a bug that made Black unusable on certain file systems with strict
limits on path length.
##### Preview style
- Consistently add trailing comma on typed parameters ([#4164](https://redirect.github.com/psf/black/issues/4164))
##### Configuration
- Shorten the length of the name of the cache file to fix crashes on file systems that
do not support long paths ([#4176](https://redirect.github.com/psf/black/issues/4176))
### [`v24.1.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2410)
[Compare Source](https://redirect.github.com/psf/black/compare/23.12.1...24.1.0)
##### Highlights
This release introduces the new 2024 stable style ([#4106](https://redirect.github.com/psf/black/issues/4106)), stabilizing the following
changes:
- Add parentheses around `if`-`else` expressions ([#2278](https://redirect.github.com/psf/black/issues/2278))
- Dummy class and function implementations consisting only of `...` are formatted more
compactly ([#3796](https://redirect.github.com/psf/black/issues/3796))
- If an assignment statement is too long, we now prefer splitting on the right-hand side
([#3368](https://redirect.github.com/psf/black/issues/3368))
- Hex codes in Unicode escape sequences are now standardized to lowercase ([#2916](https://redirect.github.com/psf/black/issues/2916))
- Allow empty first lines at the beginning of most blocks ([#3967](https://redirect.github.com/psf/black/issues/3967), [#4061](https://redirect.github.com/psf/black/issues/4061))
- Add parentheses around long type annotations ([#3899](https://redirect.github.com/psf/black/issues/3899))
- Enforce newline after module docstrings ([#3932](https://redirect.github.com/psf/black/issues/3932), [#4028](https://redirect.github.com/psf/black/issues/4028))
- Fix incorrect magic trailing comma handling in return types ([#3916](https://redirect.github.com/psf/black/issues/3916))
- Remove blank lines before class docstrings ([#3692](https://redirect.github.com/psf/black/issues/3692))
- Wrap multiple context managers in parentheses if combined in a single `with` statement
([#3489](https://redirect.github.com/psf/black/issues/3489))
- Fix bug in line length calculations for power operations ([#3942](https://redirect.github.com/psf/black/issues/3942))
- Add trailing commas to collection literals even if there's a comment after the last
entry ([#3393](https://redirect.github.com/psf/black/issues/3393))
- When using `--skip-magic-trailing-comma` or `-C`, trailing commas are stripped from
subscript expressions with more than 1 element ([#3209](https://redirect.github.com/psf/black/issues/3209))
- Add extra blank lines in stubs in a few cases ([#3564](https://redirect.github.com/psf/black/issues/3564), [#3862](https://redirect.github.com/psf/black/issues/3862))
- Accept raw strings as docstrings ([#3947](https://redirect.github.com/psf/black/issues/3947))
- Split long lines in case blocks ([#4024](https://redirect.github.com/psf/black/issues/4024))
- Stop removing spaces from walrus operators within subscripts ([#3823](https://redirect.github.com/psf/black/issues/3823))
- Fix incorrect formatting of certain async statements ([#3609](https://redirect.github.com/psf/black/issues/3609))
- Allow combining `# fmt: skip` with other comments ([#3959](https://redirect.github.com/psf/black/issues/3959))
There are already a few improvements in the `--preview` style, which are slated for the
2025 stable style. Try them out and
[share your feedback](https://redirect.github.com/psf/black/issues). In the past, the preview
style has included some features that we were not able to stabilize. This year, we're
adding a separate `--unstable` style for features with known problems. Now, the
`--preview` style only includes features that we actually expect to make it into next
year's stable style.
##### Stable style
Several bug fixes were made in features that are moved to the stable style in this
release:
- Fix comment handling when parenthesising conditional expressions ([#4134](https://redirect.github.com/psf/black/issues/4134))
- Fix bug where spaces were not added around parenthesized walruses in subscripts,
unlike other binary operators ([#4109](https://redirect.github.com/psf/black/issues/4109))
- Remove empty lines before docstrings in async functions ([#4132](https://redirect.github.com/psf/black/issues/4132))
- Address a missing case in the change to allow empty lines at the beginning of all
blocks, except immediately before a docstring ([#4130](https://redirect.github.com/psf/black/issues/4130))
- For stubs, fix logic to enforce empty line after nested classes with bodies ([#4141](https://redirect.github.com/psf/black/issues/4141))
##### Preview style
- Add `--unstable` style, covering preview features that have known problems that would
block them from going into the stable style. Also add the `--enable-unstable-feature`
flag; for example, use
`--enable-unstable-feature hug_parens_with_braces_and_square_brackets` to apply this
preview feature throughout 2024, even if a later Black release downgrades the feature
to unstable ([#4096](https://redirect.github.com/psf/black/issues/4096))
- Format module docstrings the same as class and function docstrings ([#4095](https://redirect.github.com/psf/black/issues/4095))
- Fix crash when using a walrus in a dictionary ([#4155](https://redirect.github.com/psf/black/issues/4155))
- Fix unnecessary parentheses when wrapping long dicts ([#4135](https://redirect.github.com/psf/black/issues/4135))
### Configuration
📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
==1.7.5
->==1.7.10
==23.9.1
->==24.10.0
==2.4.1
->==2.5.1
==4.2.0
->==4.6.0
==2022.8.0
->==2024.4.2
==3.3.0
->==3.3.1
==6.1.0
->==7.1.1
==21.2.0
->==23.0.0
==8.15.0
->==8.29.0
==5.12.0
->==5.13.2
==4.9.3
->==5.3.0
==1.0.7
->==1.1.0
==2.2.0
->==2.2.6
==2.9.8
->==2.9.10
==2.17.6
->==3.3.1
==2.5.3
->==2.6.1
==7.4.2
->==8.3.3
==4.1.0
->==6.0.0
==4.5.2
->==4.9.0
==2023.3.post1
->==2024.2
==0.23.3
->==0.25.3
==1.31.0
->==2.18.0
==2.13.0
->==2.16.0
==4.0.2
->==5.1.1
Release Notes
PyCQA/bandit (bandit)
### [`v1.7.10`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.10) [Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.9...1.7.10) #### What's Changed - Bump docker/build-push-action from 5.4.0 to 6.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1147](https://redirect.github.com/PyCQA/bandit/pull/1147) - Suggested small refactors in assignments by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1150](https://redirect.github.com/PyCQA/bandit/pull/1150) - Performance improvement in blacklist function by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1148](https://redirect.github.com/PyCQA/bandit/pull/1148) - Add test for usage of FTP_TLS by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1149](https://redirect.github.com/PyCQA/bandit/pull/1149) - New check: B113: TrojanSource - Bidirectional control characters by [@Lucas-C](https://redirect.github.com/Lucas-C) in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757) - Bump docker/build-push-action from 6.0.0 to 6.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1152](https://redirect.github.com/PyCQA/bandit/pull/1152) - feat(plugins): add support for `httpx` in `B113` by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1060](https://redirect.github.com/PyCQA/bandit/pull/1060) - Nit: remove unused variable by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1153](https://redirect.github.com/PyCQA/bandit/pull/1153) - Add recent releases to version choice in bug report by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1151](https://redirect.github.com/PyCQA/bandit/pull/1151) - Bump 
docker/build-push-action from 6.1.0 to 6.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1155](https://redirect.github.com/PyCQA/bandit/pull/1155) - Bump docker/build-push-action from 6.2.0 to 6.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1157](https://redirect.github.com/PyCQA/bandit/pull/1157) - Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1156](https://redirect.github.com/PyCQA/bandit/pull/1156) - Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1158](https://redirect.github.com/PyCQA/bandit/pull/1158) - Bump docker/login-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1159](https://redirect.github.com/PyCQA/bandit/pull/1159) - Bump docker/build-push-action from 6.3.0 to 6.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1160](https://redirect.github.com/PyCQA/bandit/pull/1160) - Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1163](https://redirect.github.com/PyCQA/bandit/pull/1163) - Bump docker/build-push-action from 6.5.0 to 6.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1166](https://redirect.github.com/PyCQA/bandit/pull/1166) - Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1165](https://redirect.github.com/PyCQA/bandit/pull/1165) - Bump docker/build-push-action from 6.6.1 to 6.7.0 by [@dependabot](https://redirect.github.com/dependabot) in 
[https://github.com/PyCQA/bandit/pull/1168](https://redirect.github.com/PyCQA/bandit/pull/1168) - Use consistent file naming of docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1170](https://redirect.github.com/PyCQA/bandit/pull/1170) - Pytorch Load / Save Plugin by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1114](https://redirect.github.com/PyCQA/bandit/pull/1114) #### New Contributors - [@Lucas-C](https://redirect.github.com/Lucas-C) made their first contribution in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.9...1.7.10 ### [`v1.7.9`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.9) [Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.8...1.7.9) #### What's Changed - Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://redirect.github.com/PyCQA/bandit/pull/1117) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119) - New logo for Bandit based on raccoon by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://redirect.github.com/PyCQA/bandit/pull/1121) - Start testing on Python 3.13 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://redirect.github.com/PyCQA/bandit/pull/1122) - Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://redirect.github.com/PyCQA/bandit/pull/1123) - Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by 
[@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://redirect.github.com/PyCQA/bandit/pull/1124) - Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://redirect.github.com/PyCQA/bandit/pull/1125) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://redirect.github.com/PyCQA/bandit/pull/1126) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://redirect.github.com/PyCQA/bandit/pull/1127) - Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://redirect.github.com/PyCQA/bandit/pull/1130) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://redirect.github.com/PyCQA/bandit/pull/1131) - Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://redirect.github.com/PyCQA/bandit/pull/1132) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://redirect.github.com/PyCQA/bandit/pull/1133) - Updates banner logo so it renders well in dark mode by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://redirect.github.com/PyCQA/bandit/pull/1134) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://redirect.github.com/PyCQA/bandit/pull/1135) - Add a 
sponsor section to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://redirect.github.com/PyCQA/bandit/pull/1137) - Ensure sarif extra is included as part of doc build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://redirect.github.com/PyCQA/bandit/pull/1139) - Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://redirect.github.com/PyCQA/bandit/pull/1142) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://redirect.github.com/PyCQA/bandit/pull/1143) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://redirect.github.com/PyCQA/bandit/pull/1145) - Guard against empty call argument list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://redirect.github.com/PyCQA/bandit/pull/1146) - Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://redirect.github.com/PyCQA/bandit/pull/1144) - Support `configfile` in `.bandit` file by [@bersbersbers](https://redirect.github.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052) #### New Contributors - [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119) - [@bersbersbers](https://redirect.github.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052) **Full 
Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9 ### [`v1.7.8`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.8) [Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.7...1.7.8) #### What's Changed - Incorrect tag naming in readme by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://redirect.github.com/PyCQA/bandit/pull/1105) - Utilize PyPI's trusted publishing by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://redirect.github.com/PyCQA/bandit/pull/1107) - Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://redirect.github.com/PyCQA/bandit/pull/1109) - Add 1.7.7 to versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://redirect.github.com/PyCQA/bandit/pull/1110) - Use datetime to avoid updating copyright year by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://redirect.github.com/PyCQA/bandit/pull/1112) - filter data is safe for tarfile extractall by [@etienneschalk](https://redirect.github.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111) - Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://redirect.github.com/PyCQA/bandit/pull/1115) - \[B605] Add functions that are vulnerable to shell injection. 
by [@shihai1991](https://redirect.github.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116) - Add a SARIF output formatter by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://redirect.github.com/PyCQA/bandit/pull/1113) #### New Contributors - [@etienneschalk](https://redirect.github.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111) - [@shihai1991](https://redirect.github.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8 ### [`v1.7.7`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.7) [Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.6...1.7.7) #### What's Changed - Add the new release to bandit versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://redirect.github.com/PyCQA/bandit/pull/1075) - Bump actions/setup-python from 4 to 5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://redirect.github.com/PyCQA/bandit/pull/1076) - Handle variant in how policy is passed in paramiko by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://redirect.github.com/PyCQA/bandit/pull/1078) - Flag str.replace as possible sql injection by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://redirect.github.com/PyCQA/bandit/pull/1044) - defusedxml: Show correct module name by [@kajinamit](https://redirect.github.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081) - Add tidelift to 
the sponsor funding list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://redirect.github.com/PyCQA/bandit/pull/1089) - Create a security policy by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://redirect.github.com/PyCQA/bandit/pull/1091) - Fix up issues found running Bandit on itself by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://redirect.github.com/PyCQA/bandit/pull/1093) - Add random.randbytes to blacklist calls by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://redirect.github.com/PyCQA/bandit/pull/1096) - Prepend ./ for files specified as CLI args by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://redirect.github.com/PyCQA/bandit/pull/1094) - Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://redirect.github.com/PyCQA/bandit/pull/1099) - Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://redirect.github.com/PyCQA/bandit/pull/1101) - Introduce Official Bandit Images by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://redirect.github.com/PyCQA/bandit/pull/1088) - Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://redirect.github.com/PyCQA/bandit/pull/1103) - Downsize the org:repo name by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://redirect.github.com/PyCQA/bandit/pull/1104) #### New Contributors - 
[@kajinamit](https://redirect.github.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7 ### [`v1.7.6`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.6) [Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.5...1.7.6) #### What's Changed - Update bug report to include version 1.7.5 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://redirect.github.com/PyCQA/bandit/pull/993) - Render Python 3.10 in drop down correctly by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://redirect.github.com/PyCQA/bandit/pull/997) - Remove checks for Python2 urllib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://redirect.github.com/PyCQA/bandit/pull/999) - Improper detection of non-requests module by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://redirect.github.com/PyCQA/bandit/pull/1011) - xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://redirect.github.com/PyCQA/bandit/pull/1012) - language and linting updates by [@marksmayo](https://redirect.github.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015) - Adds check for crypt module usage as weak hash by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://redirect.github.com/PyCQA/bandit/pull/1018) - Switch to tox 4 by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://redirect.github.com/PyCQA/bandit/pull/1020) - Skip unnecessary `pip install` commands in the 
pythonpackage.yml workflow by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://redirect.github.com/PyCQA/bandit/pull/1021) - Update versions of used GitHub Actions by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://redirect.github.com/PyCQA/bandit/pull/1024) - Update pre-commit hooks by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://redirect.github.com/PyCQA/bandit/pull/1026) - Add `random.Random` to B311 checks by [@shiftinv](https://redirect.github.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940) - Add a copy button to all code snippets in docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://redirect.github.com/PyCQA/bandit/pull/1030) - Replace pbr in favor of importlib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://redirect.github.com/PyCQA/bandit/pull/1016) - Switch from open collective to PSF by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://redirect.github.com/PyCQA/bandit/pull/1031) - Make pre-commit run Bandit hook using a single process by [@Klavionik](https://redirect.github.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029) - Remove support for Python 3.7 due to end-of-life by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://redirect.github.com/PyCQA/bandit/pull/1034) - Update asserts.py documentation by [@deronnax](https://redirect.github.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036) - Simplify `wrap_file_object` by [@mportesdev](https://redirect.github.com/mportesdev) 
in [https://github.com/PyCQA/bandit/pull/1037](https://redirect.github.com/PyCQA/bandit/pull/1037) - django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://redirect.github.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765) - Avoid gitpyhon CVE-2022-24439 by [@carlosduelo](https://redirect.github.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048) - Update blacklist call documentation by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045) - Support ignoring blacklists by name by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://redirect.github.com/PyCQA/bandit/pull/1046) - Fix dependabot to update github actions by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://redirect.github.com/PyCQA/bandit/pull/1057) - Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058) - Fix for ReadtheDocs build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://redirect.github.com/PyCQA/bandit/pull/1061) - fix(plugins/B507): also detect class instances by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://redirect.github.com/PyCQA/bandit/pull/1064) - Use mirror repository for black pre-commit hook by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://redirect.github.com/PyCQA/bandit/pull/1070) - Add official support of Python 3.12 by [@ericwb](https://redirect.github.com/ericwb) in 
[https://github.com/PyCQA/bandit/pull/1068](https://redirect.github.com/PyCQA/bandit/pull/1068) - Fix crash on pyproject.toml without bandit config by [@javajawa](https://redirect.github.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073) - refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://redirect.github.com/PyCQA/bandit/pull/1066) - Fixes for sphinx build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://redirect.github.com/PyCQA/bandit/pull/1063) #### New Contributors - [@marksmayo](https://redirect.github.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015) - [@shiftinv](https://redirect.github.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940) - [@Klavionik](https://redirect.github.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029) - [@deronnax](https://redirect.github.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036) - [@kevinmarsh](https://redirect.github.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765) - [@carlosduelo](https://redirect.github.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048) - [@costaparas](https://redirect.github.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045) - 
[@dependabot](https://redirect.github.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058) - [@javajawa](https://redirect.github.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6psf/black (black)
### [`v24.10.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#24100)

[Compare Source](https://redirect.github.com/psf/black/compare/24.8.0...24.10.0)

##### Highlights

- Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. ([#4436](https://redirect.github.com/psf/black/issues/4436)) ([#4449](https://redirect.github.com/psf/black/issues/4449))
- Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. ([#4447](https://redirect.github.com/psf/black/issues/4447))
- Black no longer supports running with Python 3.8 ([#4452](https://redirect.github.com/psf/black/issues/4452))

##### Stable style

- Fix crashes involving comments in parenthesised return types or `X | Y` style unions. ([#4453](https://redirect.github.com/psf/black/issues/4453))
- Fix skipping Jupyter cells with unknown `%%` magic ([#4462](https://redirect.github.com/psf/black/issues/4462))

##### Preview style

- Fix type annotation spacing between \* and more complex type variable tuple (i.e. `def fn(*args: *tuple[*Ts, T]) -> None: pass`) ([#4440](https://redirect.github.com/psf/black/issues/4440))

##### Caching

- Fix bug where the cache was shared between runs with and without `--unstable` ([#4466](https://redirect.github.com/psf/black/issues/4466))

##### Packaging

- Upgrade version of mypyc used to 1.12 beta ([#4450](https://redirect.github.com/psf/black/issues/4450)) ([#4449](https://redirect.github.com/psf/black/issues/4449))
- `blackd` now requires a newer version of aiohttp. ([#4451](https://redirect.github.com/psf/black/issues/4451))

##### Output

- Added Python target version information on parse error ([#4378](https://redirect.github.com/psf/black/issues/4378))
- Add information about Black version to internal error messages ([#4457](https://redirect.github.com/psf/black/issues/4457))

### [`v24.8.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2480)

[Compare Source](https://redirect.github.com/psf/black/compare/24.4.2...24.8.0)

##### Stable style

- Fix crash when `# fmt: off` is used before a closing parenthesis or bracket. ([#4363](https://redirect.github.com/psf/black/issues/4363))

##### Packaging

- Packaging metadata updated: docs are explicitly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. ([#4345](https://redirect.github.com/psf/black/issues/4345))

##### Parser

- Fix regression where Black failed to parse a multiline f-string containing another multiline string ([#4339](https://redirect.github.com/psf/black/issues/4339))
- Fix regression where Black failed to parse an escaped single quote inside an f-string ([#4401](https://redirect.github.com/psf/black/issues/4401))
- Fix bug with Black incorrectly parsing empty lines with a backslash ([#4343](https://redirect.github.com/psf/black/issues/4343))
- Fix bugs with Black's tokenizer not handling `\{` inside f-strings very well ([#4422](https://redirect.github.com/psf/black/issues/4422))
- Fix incorrect line numbers in the tokenizer for certain tokens within f-strings ([#4423](https://redirect.github.com/psf/black/issues/4423))

##### Performance

- Improve performance when a large directory is listed in `.gitignore` ([#4415](https://redirect.github.com/psf/black/issues/4415))

##### *Blackd*

- Fix blackd (and all extras installs) for docker container ([#4357](https://redirect.github.com/psf/black/issues/4357))

### [`v24.4.2`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2442)

[Compare Source](https://redirect.github.com/psf/black/compare/24.4.1...24.4.2)

This is a bugfix release to fix two regressions in the new f-string parser introduced in 24.4.1.

##### Parser

- Fix regression where certain complex f-strings failed to parse ([#4332](https://redirect.github.com/psf/black/issues/4332))

##### Performance

- Fix bad performance on certain complex string literals ([#4331](https://redirect.github.com/psf/black/issues/4331))

### [`v24.4.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2441)

[Compare Source](https://redirect.github.com/psf/black/compare/24.4.0...24.4.1)

##### Highlights

- Add support for the new Python 3.12 f-string syntax introduced by PEP 701 ([#3822](https://redirect.github.com/psf/black/issues/3822))

##### Stable style

- Fix crash involving indented dummy functions containing newlines ([#4318](https://redirect.github.com/psf/black/issues/4318))

##### Parser

- Add support for type parameter defaults, a new syntactic feature added to Python 3.13 by PEP 696 ([#4327](https://redirect.github.com/psf/black/issues/4327))

##### Integrations

- Github Action now works even when `git archive` is skipped ([#4313](https://redirect.github.com/psf/black/issues/4313))

### [`v24.4.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2440)

[Compare Source](https://redirect.github.com/psf/black/compare/24.3.0...24.4.0)

##### Stable style

- Fix unwanted crashes caused by AST equivalency check ([#4290](https://redirect.github.com/psf/black/issues/4290))

##### Preview style

- `if` guards in `case` blocks are now wrapped in parentheses when the line is too long. ([#4269](https://redirect.github.com/psf/black/issues/4269))
- Stop moving multiline strings to a new line unless inside brackets ([#4289](https://redirect.github.com/psf/black/issues/4289))

##### Integrations

- Add a new option `use_pyproject` to the GitHub Action `psf/black`. This will read the Black version from `pyproject.toml`. ([#4294](https://redirect.github.com/psf/black/issues/4294))

### [`v24.3.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2430)

[Compare Source](https://redirect.github.com/psf/black/compare/24.2.0...24.3.0)

##### Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix [CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503).

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

##### Stable style

- Don't move comments along with delimiters, which could cause crashes ([#4248](https://redirect.github.com/psf/black/issues/4248))
- Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. ([#4270](https://redirect.github.com/psf/black/issues/4270))
- Fix a bug where line-ranges exceeding the last code line would not work as expected ([#4273](https://redirect.github.com/psf/black/issues/4273))

##### Performance

- Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes [CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503). ([#4278](https://redirect.github.com/psf/black/issues/4278))

##### Documentation

- Note what happens when `--check` is used with `--quiet` ([#4236](https://redirect.github.com/psf/black/issues/4236))

### [`v24.2.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2420)

[Compare Source](https://redirect.github.com/psf/black/compare/24.1.1...24.2.0)

##### Stable style

- Fixed a bug where comments were mistakenly removed along with redundant parentheses ([#4218](https://redirect.github.com/psf/black/issues/4218))

##### Preview style

- Move the `hug_parens_with_braces_and_square_brackets` feature to the unstable style due to an outstanding crash and proposed formatting tweaks ([#4198](https://redirect.github.com/psf/black/issues/4198))
- Fixed a bug where base expressions caused inconsistent formatting of \*\* in ternary expression ([#4154](https://redirect.github.com/psf/black/issues/4154))
- Checking for newline before adding one on docstring that is almost at the line limit ([#4185](https://redirect.github.com/psf/black/issues/4185))
- Remove redundant parentheses in `case` statement `if` guards ([#4214](https://redirect.github.com/psf/black/issues/4214)).

##### Configuration

- Fix issue where *Black* would ignore input files in the presence of symlinks ([#4222](https://redirect.github.com/psf/black/issues/4222))
- *Black* now ignores `pyproject.toml` that is missing a `tool.black` section when discovering project root and configuration. Since *Black* continues to use version control as an indicator of project root, this is expected to primarily change behavior for users in a monorepo setup (desirably). If you wish to preserve previous behavior, simply add an empty `[tool.black]` to the previously discovered `pyproject.toml` ([#4204](https://redirect.github.com/psf/black/issues/4204))

##### Output

- Black will swallow any `SyntaxWarning`s or `DeprecationWarning`s produced by the `ast` module when performing equivalence checks ([#4189](https://redirect.github.com/psf/black/issues/4189))

##### Integrations

- Add a JSONSchema and provide a validate-pyproject entry-point ([#4181](https://redirect.github.com/psf/black/issues/4181))

### [`v24.1.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2411)

[Compare Source](https://redirect.github.com/psf/black/compare/24.1.0...24.1.1)

Bugfix release to fix a bug that made Black unusable on certain file systems with strict limits on path length.

##### Preview style

- Consistently add trailing comma on typed parameters ([#4164](https://redirect.github.com/psf/black/issues/4164))

##### Configuration

- Shorten the length of the name of the cache file to fix crashes on file systems that do not support long paths ([#4176](https://redirect.github.com/psf/black/issues/4176))

### [`v24.1.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2410)

[Compare Source](https://redirect.github.com/psf/black/compare/23.12.1...24.1.0)

##### Highlights

This release introduces the new 2024 stable style ([#4106](https://redirect.github.com/psf/black/issues/4106)), stabilizing the following changes:

- Add parentheses around `if`-`else` expressions ([#2278](https://redirect.github.com/psf/black/issues/2278))
- Dummy class and function implementations consisting only of `...` are formatted more compactly ([#3796](https://redirect.github.com/psf/black/issues/3796))
- If an assignment statement is too long, we now prefer splitting on the right-hand side ([#3368](https://redirect.github.com/psf/black/issues/3368))
- Hex codes in Unicode escape sequences are now standardized to lowercase ([#2916](https://redirect.github.com/psf/black/issues/2916))
- Allow empty first lines at the beginning of most blocks ([#3967](https://redirect.github.com/psf/black/issues/3967), [#4061](https://redirect.github.com/psf/black/issues/4061))
- Add parentheses around long type annotations ([#3899](https://redirect.github.com/psf/black/issues/3899))
- Enforce newline after module docstrings ([#3932](https://redirect.github.com/psf/black/issues/3932), [#4028](https://redirect.github.com/psf/black/issues/4028))
- Fix incorrect magic trailing comma handling in return types ([#3916](https://redirect.github.com/psf/black/issues/3916))
- Remove blank lines before class docstrings ([#3692](https://redirect.github.com/psf/black/issues/3692))
- Wrap multiple context managers in parentheses if combined in a single `with` statement ([#3489](https://redirect.github.com/psf/black/issues/3489))
- Fix bug in line length calculations for power operations ([#3942](https://redirect.github.com/psf/black/issues/3942))
- Add trailing commas to collection literals even if there's a comment after the last entry ([#3393](https://redirect.github.com/psf/black/issues/3393))
- When using `--skip-magic-trailing-comma` or `-C`, trailing commas are stripped from subscript expressions with more than 1 element ([#3209](https://redirect.github.com/psf/black/issues/3209))
- Add extra blank lines in stubs in a few cases ([#3564](https://redirect.github.com/psf/black/issues/3564), [#3862](https://redirect.github.com/psf/black/issues/3862))
- Accept raw strings as docstrings ([#3947](https://redirect.github.com/psf/black/issues/3947))
- Split long lines in case blocks ([#4024](https://redirect.github.com/psf/black/issues/4024))
- Stop removing spaces from walrus operators within subscripts ([#3823](https://redirect.github.com/psf/black/issues/3823))
- Fix incorrect formatting of certain async statements ([#3609](https://redirect.github.com/psf/black/issues/3609))
- Allow combining `# fmt: skip` with other comments ([#3959](https://redirect.github.com/psf/black/issues/3959))

There are already a few improvements in the `--preview` style, which are slated for the 2025 stable style. Try them out and [share your feedback](https://redirect.github.com/psf/black/issues).

In the past, the preview style has included some features that we were not able to stabilize. This year, we're adding a separate `--unstable` style for features with known problems. Now, the `--preview` style only includes features that we actually expect to make it into next year's stable style.

##### Stable style

Several bug fixes were made in features that are moved to the stable style in this release:

- Fix comment handling when parenthesising conditional expressions ([#4134](https://redirect.github.com/psf/black/issues/4134))
- Fix bug where spaces were not added around parenthesized walruses in subscripts, unlike other binary operators ([#4109](https://redirect.github.com/psf/black/issues/4109))
- Remove empty lines before docstrings in async functions ([#4132](https://redirect.github.com/psf/black/issues/4132))
- Address a missing case in the change to allow empty lines at the beginning of all blocks, except immediately before a docstring ([#4130](https://redirect.github.com/psf/black/issues/4130))
- For stubs, fix logic to enforce empty line after nested classes with bodies ([#4141](https://redirect.github.com/psf/black/issues/4141))

##### Preview style

- Add `--unstable` style, covering preview features that have known problems that would block them from going into the stable style. Also add the `--enable-unstable-feature` flag; for example, use `--enable-unstable-feature hug_parens_with_braces_and_square_brackets` to apply this preview feature throughout 2024, even if a later Black release downgrades the feature to unstable ([#4096](https://redirect.github.com/psf/black/issues/4096))
- Format module docstrings the same as class and function docstrings ([#4095](https://redirect.github.com/psf/black/issues/4095))
- Fix crash when using a walrus in a dictionary ([#4155](https://redirect.github.com/psf/black/issues/4155))
- Fix unnecessary parentheses when wrapping long dicts ([#4135](https://redirect.github.com/psf/black/issues/4135))
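The 24.3.0 highlight above warns anyone who runs Black on untrusted input to upgrade, and names the trigger: docstrings with thousands of leading tab characters (CVE-2024-21503). The following Python is an added example, not code from Black, Renovate or this PR, showing the three defensive layers a service that formats third-party code could put in front of the formatter: refuse to run on a Black older than the fixed release, screen docstrings for the pathological shape, and run Black in a child process under a hard wall-clock limit. The version threshold and trigger come from the notes; the 256-tab cap, the 5-second timeout and the two sample inputs are assumptions chosen for illustration, and the invocation relies on Black's documented `black -` stdin mode.

```python
from __future__ import annotations

import ast
import re
import subprocess
import sys
from importlib import metadata

# First Black release containing the CVE-2024-21503 fix, per the 24.3.0 notes.
FIXED_VERSION = (24, 3, 0)
# Assumed limits for this example; tune them for your own workload.
MAX_LEADING_TABS = 256
FORMAT_TIMEOUT_S = 5.0


def parse_black_version(text: str) -> tuple[int, int, int]:
    """Turn a CalVer string such as '24.3.0' into a comparable tuple.

    Only the leading dotted integers are used, so a pre-release suffix
    such as 'b0' is ignored rather than rejected.
    """
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Black version: {text!r}")
    major, minor, patch = (int(part or 0) for part in m.groups())
    return major, minor, patch


def black_has_cve_fix(version: str | None = None) -> bool:
    """True if `version` (default: the installed Black) is 24.3.0 or later.

    A missing installation is reported as unfixed: refusing is safer than
    guessing when the gate protects a service that formats untrusted code.
    """
    if version is None:
        try:
            version = metadata.version("black")
        except metadata.PackageNotFoundError:
            return False
    return parse_black_version(version) >= FIXED_VERSION


def max_leading_tabs_in_docstrings(source: str) -> int:
    """Longest run of leading tabs on any line of any docstring in `source`.

    Docstrings are located through the AST, so ordinary string literals and
    comments are not counted. Source that does not parse yields 0 and is
    left for Black to reject on its own.
    """
    try:
        tree = ast.parse(source)
    except (SyntaxError, ValueError):
        return 0
    worst = 0
    for node in ast.walk(tree):
        if isinstance(node, (ast.Module, ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef)):
            doc = ast.get_docstring(node, clean=False)
            if doc is None:
                continue
            for line in doc.splitlines():
                worst = max(worst, len(line) - len(line.lstrip("\t")))
    return worst


def screen_untrusted_source(source: str, black_version: str | None = None) -> str | None:
    """Return a rejection reason, or None when the source may be formatted."""
    if not black_has_cve_fix(black_version):
        return "installed Black predates the CVE-2024-21503 fix (24.3.0)"
    tabs = max_leading_tabs_in_docstrings(source)
    if tabs > MAX_LEADING_TABS:
        return f"docstring line with {tabs} leading tabs exceeds the cap of {MAX_LEADING_TABS}"
    return None


def format_untrusted(source: str, timeout_s: float = FORMAT_TIMEOUT_S) -> tuple[bool, str]:
    """Format `source` with Black in a child process under a hard wall-clock limit.

    Returns (True, formatted_code) on success, otherwise (False, reason). The
    timeout is the last line of defence for inputs the screen did not
    anticipate; `black -` reads the source from stdin and writes to stdout.
    """
    reason = screen_untrusted_source(source)
    if reason is not None:
        return False, reason
    try:
        proc = subprocess.run(
            [sys.executable, "-m", "black", "--quiet", "-"],
            input=source, capture_output=True, text=True, timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        return False, f"formatter exceeded {timeout_s}s and was killed"
    if proc.returncode != 0:
        return False, proc.stderr.strip() or "black exited with an error"
    return True, proc.stdout


# Constructed sample inputs (not taken from the page): a benign module and a
# docstring padded with thousands of leading tabs, the shape the 24.3.0 notes describe.
BENIGN_SOURCE = 'def f(x):\n    """Add one."""\n    return x+1\n'
HOSTILE_SOURCE = 'def f(x):\n    """\n' + "\t" * 5000 + 'padding\n    """\n    return x+1\n'

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_SOURCE), ("hostile", HOSTILE_SOURCE)):
        ok, detail = format_untrusted(src)
        print(f"{name}: {'formatted' if ok else 'rejected'} -> {detail.strip()[:80]!r}")
```

The screen deliberately runs before the subprocess so that an input matching the known trigger never reaches the formatter at all, and the version gate means a downgrade of the pinned Black (for instance if this Renovate PR were reverted) turns the service off rather than silently re-exposing it.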
### Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.