Open renovate[bot] opened 9 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 100.00%. Comparing base (426053a) to head (68900ba). Report is 1 commit behind head on master.
:exclamation: Current head 68900ba differs from pull request most recent head 5ffb724. Please upload reports for the commit 5ffb724 to get more accurate results.
:umbrella: View full report in Codecov by Sentry.
This PR contains the following updates:

| Package | Change |
|---|---|
| bandit | `==1.7.6` -> `==1.7.10` |
Release Notes
PyCQA/bandit (bandit)
### [`v1.7.10`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.10)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.9...1.7.10)

#### What's Changed

- Bump docker/build-push-action from 5.4.0 to 6.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1147](https://redirect.github.com/PyCQA/bandit/pull/1147)
- Suggested small refactors in assignments by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1150](https://redirect.github.com/PyCQA/bandit/pull/1150)
- Performance improvement in blacklist function by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1148](https://redirect.github.com/PyCQA/bandit/pull/1148)
- Add test for usage of FTP_TLS by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1149](https://redirect.github.com/PyCQA/bandit/pull/1149)
- New check: B113: TrojanSource - Bidirectional control characters by [@Lucas-C](https://redirect.github.com/Lucas-C) in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757)
- Bump docker/build-push-action from 6.0.0 to 6.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1152](https://redirect.github.com/PyCQA/bandit/pull/1152)
- feat(plugins): add support for `httpx` in `B113` by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1060](https://redirect.github.com/PyCQA/bandit/pull/1060)
- Nit: remove unused variable by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1153](https://redirect.github.com/PyCQA/bandit/pull/1153)
- Add recent releases to version choice in bug report by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1151](https://redirect.github.com/PyCQA/bandit/pull/1151)
- Bump docker/build-push-action from 6.1.0 to 6.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1155](https://redirect.github.com/PyCQA/bandit/pull/1155)
- Bump docker/build-push-action from 6.2.0 to 6.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1157](https://redirect.github.com/PyCQA/bandit/pull/1157)
- Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1156](https://redirect.github.com/PyCQA/bandit/pull/1156)
- Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1158](https://redirect.github.com/PyCQA/bandit/pull/1158)
- Bump docker/login-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1159](https://redirect.github.com/PyCQA/bandit/pull/1159)
- Bump docker/build-push-action from 6.3.0 to 6.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1160](https://redirect.github.com/PyCQA/bandit/pull/1160)
- Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1163](https://redirect.github.com/PyCQA/bandit/pull/1163)
- Bump docker/build-push-action from 6.5.0 to 6.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1166](https://redirect.github.com/PyCQA/bandit/pull/1166)
- Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1165](https://redirect.github.com/PyCQA/bandit/pull/1165)
- Bump docker/build-push-action from 6.6.1 to 6.7.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1168](https://redirect.github.com/PyCQA/bandit/pull/1168)
- Use consistent file naming of docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1170](https://redirect.github.com/PyCQA/bandit/pull/1170)
- Pytorch Load / Save Plugin by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1114](https://redirect.github.com/PyCQA/bandit/pull/1114)

#### New Contributors

- [@Lucas-C](https://redirect.github.com/Lucas-C) made their first contribution in [https://github.com/PyCQA/bandit/pull/757](https://redirect.github.com/PyCQA/bandit/pull/757)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.9...1.7.10

### [`v1.7.9`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://redirect.github.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://redirect.github.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://redirect.github.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://redirect.github.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://redirect.github.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://redirect.github.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://redirect.github.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://redirect.github.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://redirect.github.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://redirect.github.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://redirect.github.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://redirect.github.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://redirect.github.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://redirect.github.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://redirect.github.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://redirect.github.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://redirect.github.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://redirect.github.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://redirect.github.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://redirect.github.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://redirect.github.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by [@bersbersbers](https://redirect.github.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)

#### New Contributors

- [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- [@bersbersbers](https://redirect.github.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

### [`v1.7.8`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.8)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.7...1.7.8)

#### What's Changed

- Incorrect tag naming in readme by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://redirect.github.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://redirect.github.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://redirect.github.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://redirect.github.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://redirect.github.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://redirect.github.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://redirect.github.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://redirect.github.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://redirect.github.com/PyCQA/bandit/pull/1113)

#### New Contributors

- [@etienneschalk](https://redirect.github.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://redirect.github.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

### [`v1.7.7`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.7)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.6...1.7.7)

#### What's Changed

- Add the new release to bandit versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://redirect.github.com/PyCQA/bandit/pull/1075)
- Bump actions/setup-python from 4 to 5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://redirect.github.com/PyCQA/bandit/pull/1076)
- Handle variant in how policy is passed in paramiko by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://redirect.github.com/PyCQA/bandit/pull/1078)
- Flag str.replace as possible sql injection by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://redirect.github.com/PyCQA/bandit/pull/1044)
- defusedxml: Show correct module name by [@kajinamit](https://redirect.github.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)
- Add tidelift to the sponsor funding list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://redirect.github.com/PyCQA/bandit/pull/1089)
- Create a security policy by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://redirect.github.com/PyCQA/bandit/pull/1091)
- Fix up issues found running Bandit on itself by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://redirect.github.com/PyCQA/bandit/pull/1093)
- Add random.randbytes to blacklist calls by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://redirect.github.com/PyCQA/bandit/pull/1096)
- Prepend ./ for files specified as CLI args by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://redirect.github.com/PyCQA/bandit/pull/1094)
- Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://redirect.github.com/PyCQA/bandit/pull/1099)
- Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://redirect.github.com/PyCQA/bandit/pull/1101)
- Introduce Official Bandit Images by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://redirect.github.com/PyCQA/bandit/pull/1088)
- Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://redirect.github.com/PyCQA/bandit/pull/1103)
- Downsize the org:repo name by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://redirect.github.com/PyCQA/bandit/pull/1104)

#### New Contributors

- [@kajinamit](https://redirect.github.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate.