Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
PyCQA/bandit (PyCQA/bandit)
### [`v1.7.6`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.6)
[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.5...1.7.6)
#### What's Changed
- Update bug report to include version 1.7.5 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://togithub.com/PyCQA/bandit/pull/993)
- Render Python 3.10 in drop down correctly by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://togithub.com/PyCQA/bandit/pull/997)
- Remove checks for Python2 urllib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://togithub.com/PyCQA/bandit/pull/999)
- Improper detection of non-requests module by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://togithub.com/PyCQA/bandit/pull/1011)
- xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://togithub.com/PyCQA/bandit/pull/1012)
- language and linting updates by [@marksmayo](https://togithub.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015)
- Adds check for crypt module usage as weak hash by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://togithub.com/PyCQA/bandit/pull/1018)
- Switch to tox 4 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://togithub.com/PyCQA/bandit/pull/1020)
- Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://togithub.com/PyCQA/bandit/pull/1021)
- Update versions of used GitHub Actions by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://togithub.com/PyCQA/bandit/pull/1024)
- Update pre-commit hooks by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://togithub.com/PyCQA/bandit/pull/1026)
- Add `random.Random` to B311 checks by [@shiftinv](https://togithub.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940)
- Add a copy button to all code snippets in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://togithub.com/PyCQA/bandit/pull/1030)
- Replace pbr in favor of importlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://togithub.com/PyCQA/bandit/pull/1016)
- Switch from open collective to PSF by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://togithub.com/PyCQA/bandit/pull/1031)
- Make pre-commit run Bandit hook using a single process by [@Klavionik](https://togithub.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029)
- Remove support for Python 3.7 due to end-of-life by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://togithub.com/PyCQA/bandit/pull/1034)
- Update asserts.py documentation by [@deronnax](https://togithub.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036)
- Simplify `wrap_file_object` by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://togithub.com/PyCQA/bandit/pull/1037)
- django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://togithub.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765)
- Avoid GitPython CVE-2022-24439 by [@carlosduelo](https://togithub.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048)
- Update blacklist call documentation by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045)
- Support ignoring blacklists by name by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://togithub.com/PyCQA/bandit/pull/1046)
- Fix dependabot to update github actions by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://togithub.com/PyCQA/bandit/pull/1057)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058)
- Fix for ReadtheDocs build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://togithub.com/PyCQA/bandit/pull/1061)
- fix(plugins/B507): also detect class instances by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://togithub.com/PyCQA/bandit/pull/1064)
- Use mirror repository for black pre-commit hook by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://togithub.com/PyCQA/bandit/pull/1070)
- Add official support of Python 3.12 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://togithub.com/PyCQA/bandit/pull/1068)
- Fix crash on pyproject.toml without bandit config by [@javajawa](https://togithub.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073)
- refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://togithub.com/PyCQA/bandit/pull/1066)
- Fixes for sphinx build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://togithub.com/PyCQA/bandit/pull/1063)
#### New Contributors
- [@marksmayo](https://togithub.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015)
- [@shiftinv](https://togithub.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940)
- [@Klavionik](https://togithub.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029)
- [@deronnax](https://togithub.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036)
- [@kevinmarsh](https://togithub.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765)
- [@carlosduelo](https://togithub.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048)
- [@costaparas](https://togithub.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045)
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058)
- [@javajawa](https://togithub.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6
Configuration
Schedule: Branch creation - "before 4am" in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).
Automerge: Enabled.
Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: 1.7.5 -> 1.7.6