tanlin2013 / mbl

Many-body localization
https://tanlin2013.github.io/mbl/
MIT License

chore(deps): update dependency bandit to v1.7.9 #28

Open renovate[bot] opened 6 months ago

renovate[bot] commented 6 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| bandit (source, changelog) | `1.7.4` -> `1.7.9` |

Release Notes

PyCQA/bandit (bandit)

### [`v1.7.9`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://togithub.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://togithub.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://togithub.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://togithub.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://togithub.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://togithub.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://togithub.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://togithub.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://togithub.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://togithub.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://togithub.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://togithub.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://togithub.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://togithub.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://togithub.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://togithub.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://togithub.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://togithub.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://togithub.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://togithub.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://togithub.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://togithub.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by [@bersbersbers](https://togithub.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://togithub.com/PyCQA/bandit/pull/1052)

#### New Contributors

- [@pre-commit-ci](https://togithub.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://togithub.com/PyCQA/bandit/pull/1119)
- [@bersbersbers](https://togithub.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://togithub.com/PyCQA/bandit/pull/1052)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

### [`v1.7.8`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.8)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.7...1.7.8)

#### What's Changed

- Incorrect tag naming in readme by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://togithub.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://togithub.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://togithub.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://togithub.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://togithub.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://togithub.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://togithub.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://togithub.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://togithub.com/PyCQA/bandit/pull/1113)

#### New Contributors

- [@etienneschalk](https://togithub.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://togithub.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

### [`v1.7.7`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.7)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.6...1.7.7)

#### What's Changed

- Add the new release to bandit versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://togithub.com/PyCQA/bandit/pull/1075)
- Bump actions/setup-python from 4 to 5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://togithub.com/PyCQA/bandit/pull/1076)
- Handle variant in how policy is passed in paramiko by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://togithub.com/PyCQA/bandit/pull/1078)
- Flag str.replace as possible sql injection by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://togithub.com/PyCQA/bandit/pull/1044)
- defusedxml: Show correct module name by [@kajinamit](https://togithub.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://togithub.com/PyCQA/bandit/pull/1081)
- Add tidelift to the sponsor funding list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://togithub.com/PyCQA/bandit/pull/1089)
- Create a security policy by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://togithub.com/PyCQA/bandit/pull/1091)
- Fix up issues found running Bandit on itself by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://togithub.com/PyCQA/bandit/pull/1093)
- Add random.randbytes to blacklist calls by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://togithub.com/PyCQA/bandit/pull/1096)
- Prepend ./ for files specified as CLI args by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://togithub.com/PyCQA/bandit/pull/1094)
- Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://togithub.com/PyCQA/bandit/pull/1099)
- Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://togithub.com/PyCQA/bandit/pull/1101)
- Introduce Official Bandit Images by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://togithub.com/PyCQA/bandit/pull/1088)
- Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://togithub.com/PyCQA/bandit/pull/1103)
- Downsize the org:repo name by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://togithub.com/PyCQA/bandit/pull/1104)

#### New Contributors

- [@kajinamit](https://togithub.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://togithub.com/PyCQA/bandit/pull/1081)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

### [`v1.7.6`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.6)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.5...1.7.6)

#### What's Changed

- Update bug report to include version 1.7.5 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://togithub.com/PyCQA/bandit/pull/993)
- Render Python 3.10 in drop down correctly by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://togithub.com/PyCQA/bandit/pull/997)
- Remove checks for Python2 urllib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://togithub.com/PyCQA/bandit/pull/999)
- Improper detection of non-requests module by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://togithub.com/PyCQA/bandit/pull/1011)
- xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://togithub.com/PyCQA/bandit/pull/1012)
- language and linting updates by [@marksmayo](https://togithub.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015)
- Adds check for crypt module usage as weak hash by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://togithub.com/PyCQA/bandit/pull/1018)
- Switch to tox 4 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://togithub.com/PyCQA/bandit/pull/1020)
- Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://togithub.com/PyCQA/bandit/pull/1021)
- Update versions of used GitHub Actions by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://togithub.com/PyCQA/bandit/pull/1024)
- Update pre-commit hooks by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://togithub.com/PyCQA/bandit/pull/1026)
- Add `random.Random` to B311 checks by [@shiftinv](https://togithub.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940)
- Add a copy button to all code snippets in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://togithub.com/PyCQA/bandit/pull/1030)
- Replace pbr in favor of importlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://togithub.com/PyCQA/bandit/pull/1016)
- Switch from open collective to PSF by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://togithub.com/PyCQA/bandit/pull/1031)
- Make pre-commit run Bandit hook using a single process by [@Klavionik](https://togithub.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029)
- Remove support for Python 3.7 due to end-of-life by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://togithub.com/PyCQA/bandit/pull/1034)
- Update asserts.py documentation by [@deronnax](https://togithub.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036)
- Simplify `wrap_file_object` by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://togithub.com/PyCQA/bandit/pull/1037)
- django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://togithub.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765)
- Avoid gitpython CVE-2022-24439 by [@carlosduelo](https://togithub.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048)
- Update blacklist call documentation by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045)
- Support ignoring blacklists by name by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://togithub.com/PyCQA/bandit/pull/1046)
- Fix dependabot to update github actions by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://togithub.com/PyCQA/bandit/pull/1057)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058)
- Fix for ReadtheDocs build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://togithub.com/PyCQA/bandit/pull/1061)
- fix(plugins/B507): also detect class instances by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://togithub.com/PyCQA/bandit/pull/1064)
- Use mirror repository for black pre-commit hook by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://togithub.com/PyCQA/bandit/pull/1070)
- Add official support of Python 3.12 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://togithub.com/PyCQA/bandit/pull/1068)
- Fix crash on pyproject.toml without bandit config by [@javajawa](https://togithub.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073)
- refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://togithub.com/PyCQA/bandit/pull/1066)
- Fixes for sphinx build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://togithub.com/PyCQA/bandit/pull/1063)

#### New Contributors

- [@marksmayo](https://togithub.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://togithub.com/PyCQA/bandit/pull/1015)
- [@shiftinv](https://togithub.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://togithub.com/PyCQA/bandit/pull/940)
- [@Klavionik](https://togithub.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://togithub.com/PyCQA/bandit/pull/1029)
- [@deronnax](https://togithub.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://togithub.com/PyCQA/bandit/pull/1036)
- [@kevinmarsh](https://togithub.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://togithub.com/PyCQA/bandit/pull/765)
- [@carlosduelo](https://togithub.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://togithub.com/PyCQA/bandit/pull/1048)
- [@costaparas](https://togithub.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://togithub.com/PyCQA/bandit/pull/1045)
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://togithub.com/PyCQA/bandit/pull/1058)
- [@javajawa](https://togithub.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://togithub.com/PyCQA/bandit/pull/1073)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

### [`v1.7.5`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.5)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.4...1.7.5)

#### What's Changed

- Add an example screen shot of Bandit to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/847](https://togithub.com/PyCQA/bandit/pull/847)
- Bad link to screen shot by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/848](https://togithub.com/PyCQA/bandit/pull/848)
- Use a constant for weak hashes by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/850](https://togithub.com/PyCQA/bandit/pull/850)
- Group location line with code output by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/822](https://togithub.com/PyCQA/bandit/pull/822)
- Fix line range using Python 3.8 end_lineno by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/821](https://togithub.com/PyCQA/bandit/pull/821)
- Add classifier to indicate Py3 only by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/853](https://togithub.com/PyCQA/bandit/pull/853)
- Removal of blacklist call B309 httpsconnection by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/858](https://togithub.com/PyCQA/bandit/pull/858)
- Remove blacklist call check for os.tempnam by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/859](https://togithub.com/PyCQA/bandit/pull/859)
- Indicate hash type in message by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/860](https://togithub.com/PyCQA/bandit/pull/860)
- Add the httpx module check for verify by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/861](https://togithub.com/PyCQA/bandit/pull/861)
- Add doc for hashlib plugin by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/862](https://togithub.com/PyCQA/bandit/pull/862)
- Make use of rich for progress bar by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/863](https://togithub.com/PyCQA/bandit/pull/863)
- Replace `toml` with `tomli` by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/829](https://togithub.com/PyCQA/bandit/pull/829)
- Fix up B109 and B111 removed plugins docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/864](https://togithub.com/PyCQA/bandit/pull/864)
- add check for "requests" calls without timeout by [@mschfh](https://togithub.com/mschfh) in [https://github.com/PyCQA/bandit/pull/743](https://togithub.com/PyCQA/bandit/pull/743)
- Fix for build breaks in format job by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/869](https://togithub.com/PyCQA/bandit/pull/869)
- Add license and contributing links to docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/867](https://togithub.com/PyCQA/bandit/pull/867)
- Remove redundant word Bandit in titles of sections by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/873](https://togithub.com/PyCQA/bandit/pull/873)
- Add request for feedback via 👍 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/871](https://togithub.com/PyCQA/bandit/pull/871)
- Add a Discord link to the docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/870](https://togithub.com/PyCQA/bandit/pull/870)
- Adding logging.config.listen() plugin with examples by [@raj3shp](https://togithub.com/raj3shp) in [https://github.com/PyCQA/bandit/pull/874](https://togithub.com/PyCQA/bandit/pull/874)
- Removal of ghugo by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/881](https://togithub.com/PyCQA/bandit/pull/881)
- Remove redundant pip line by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/884](https://togithub.com/PyCQA/bandit/pull/884)
- Corrected documentation on configuration by [@a-takahashi223](https://togithub.com/a-takahashi223) in [https://github.com/PyCQA/bandit/pull/868](https://togithub.com/PyCQA/bandit/pull/868)
- Start testing against Python 3.11 by [@mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/887](https://togithub.com/PyCQA/bandit/pull/887)
- Add myself to sponsor list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/885](https://togithub.com/PyCQA/bandit/pull/885)
- Add Discord link to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/875](https://togithub.com/PyCQA/bandit/pull/875)
- Update action versions in Actions workflows ([#890](https://togithub.com/PyCQA/bandit/issues/890)) by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/893](https://togithub.com/PyCQA/bandit/pull/893)
- Add dependency review action by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/891](https://togithub.com/PyCQA/bandit/pull/891)
- Fix an unclosed tag in HTML formatter by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/896](https://togithub.com/PyCQA/bandit/pull/896)
- 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by [@rajaramsrn](https://togithub.com/rajaramsrn) in [https://github.com/PyCQA/bandit/pull/897](https://togithub.com/PyCQA/bandit/pull/897)
- Make small fixes in docs by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/899](https://togithub.com/PyCQA/bandit/pull/899)
- Specify semver range for Python 3.11 by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/901](https://togithub.com/PyCQA/bandit/pull/901)
- Add another bad example of yaml load by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/905](https://togithub.com/PyCQA/bandit/pull/905)
- Add releases link in "Version control integration" by [@travisjungroth](https://togithub.com/travisjungroth) in [https://github.com/PyCQA/bandit/pull/909](https://togithub.com/PyCQA/bandit/pull/909)
- Update version of dependency-review-action by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/911](https://togithub.com/PyCQA/bandit/pull/911)
- Avoid redundant message if debug on by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/913](https://togithub.com/PyCQA/bandit/pull/913)
- Remove invalid checking on hashlib by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/914](https://togithub.com/PyCQA/bandit/pull/914)
- Add some missing curve types by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/920](https://togithub.com/PyCQA/bandit/pull/920)
- add jsonpickle deserialization blacklist by [@SugarP1g](https://togithub.com/SugarP1g) in [https://github.com/PyCQA/bandit/pull/707](https://togithub.com/PyCQA/bandit/pull/707)
- Fix reading the number argument from config file by [@KAUTH](https://togithub.com/KAUTH) in [https://github.com/PyCQA/bandit/pull/923](https://togithub.com/PyCQA/bandit/pull/923)
- Add end_col_offset if available by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/851](https://togithub.com/PyCQA/bandit/pull/851)
- Enhancement Proposal: Plugin "assert_used" config-skip snippet by [@marianomartinelli](https://togithub.com/marianomartinelli) in [https://github.com/PyCQA/bandit/pull/695](https://togithub.com/PyCQA/bandit/pull/695)
- Blacklist pandas read_pickle and add functional test for it by [@jaspersival](https://togithub.com/jaspersival) in [https://github.com/PyCQA/bandit/pull/710](https://togithub.com/PyCQA/bandit/pull/710)
- Docs for request without timeout has dead link by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/925](https://togithub.com/PyCQA/bandit/pull/925)
- Add case for global exec by [@tonybaloney](https://togithub.com/tonybaloney) in [https://github.com/PyCQA/bandit/pull/570](https://togithub.com/PyCQA/bandit/pull/570)
- Fix a false positive condition yaml_load by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/927](https://togithub.com/PyCQA/bandit/pull/927)
- Fix issue [#453](https://togithub.com/PyCQA/bandit/issues/453) jinja2 template select_autoescape when using jinja2.select_autoescape by [@kinow](https://togithub.com/kinow) in [https://github.com/PyCQA/bandit/pull/454](https://togithub.com/PyCQA/bandit/pull/454)
- Adding tarfile.extractall() plugin with examples by [@yilmi](https://togithub.com/yilmi) in [https://github.com/PyCQA/bandit/pull/549](https://togithub.com/PyCQA/bandit/pull/549)
- Check for deprecated TLS 1.1 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/928](https://togithub.com/PyCQA/bandit/pull/928)
- weak_cryptographic_key assumes positional arg by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/930](https://togithub.com/PyCQA/bandit/pull/930)
- Fix filename of B202 in docs by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/932](https://togithub.com/PyCQA/bandit/pull/932)
- Remove python 2 reference in docs by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/933](https://togithub.com/PyCQA/bandit/pull/933)
- Pass correct number of arguments to match the `%s` placeholders. by [@mportesdev](https://togithub.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/934](https://togithub.com/PyCQA/bandit/pull/934)
- Fixup some invalid pickle testing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/924](https://togithub.com/PyCQA/bandit/pull/924)
- Fix json and yaml formatters to respect num lines by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/929](https://togithub.com/PyCQA/bandit/pull/929)
- Fix AttributeError on detect of tuple assign condition by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/931](https://togithub.com/PyCQA/bandit/pull/931)
- \[docs] Mention `exclude_dirs` option available in TOML and YAML by [@bittner](https://togithub.com/bittner) in [https://github.com/PyCQA/bandit/pull/876](https://togithub.com/PyCQA/bandit/pull/876)
- Typo fix by [@PermanAtayev](https://togithub.com/PermanAtayev) in [https://github.com/PyCQA/bandit/pull/945](https://togithub.com/PyCQA/bandit/pull/945)
- remove py2 exec example in docs by [@clavedeluna](https://togithub.com/clavedeluna) in [https://github.com/PyCQA/bandit/pull/947](https://togithub.com/PyCQA/bandit/pull/947)
- Add official Python 3.11 support by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/964](https://togithub.com/PyCQA/bandit/pull/964)
- DOC: Add explanation on how to use pre-commit with config file by [@phofl](https://togithub.com/phofl) in [https://github.com/PyCQA/bandit/pull/968](https://togithub.com/PyCQA/bandit/pull/968)
- Fix breaking build due to new tox by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/983](https://togithub.com/PyCQA/bandit/pull/983)
- Correct build status badge in README by [@gliptak](https://togithub.com/gliptak) in [https://github.com/PyCQA/bandit/pull/980](https://togithub.com/PyCQA/bandit/pull/980)
- Improve detecting SQL injections in f-strings by [@kfrydel](https://togithub.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/917](https://togithub.com/PyCQA/bandit/pull/917)
- Improve handling nosec for multi-line strings by [@kfrydel](https://togithub.com/kfrydel) in [https://github.com/PyCQA/bandit/pull/915](https://togithub.com/PyCQA/bandit/pull/915)
- Check for github action updates monthly by [@jlosito](https://togithub.com/jlosito) in [https://github.com/PyCQA/bandit/pull/989](https://togithub.com/PyCQA/bandit/pull/989)
- Added a bit more `project_urls` by [@KOLANICH](https://togithub.com/KOLANICH) in [https://github.com/PyCQA/bandit/pull/985](https://togithub.com/PyCQA/bandit/pull/985)

#### New Contributors

- [@mschfh](https://togithub.com/mschfh) made their first contribution in [https://github.com/PyCQA/bandit/pull/743](https://togithub.com/PyCQA/bandit/pull/743)
- [@raj3shp](https://togithub.com/raj3shp) made their first contribution in [https://github.com/PyCQA/bandit/pull/874](https://togithub.com/PyCQA/bandit/pull/874)
- [@a-takahashi223](https://togithub.com/a-takahashi223) made their first contribution in [https://github.com/PyCQA/bandit/pull/868](https://togithub.com/PyCQA/bandit/pull/868)
- [@mportesdev](https://togithub.com/mportesdev) made their first contribution in [https://github.com/PyCQA/bandit/pull/893](https://togithub.com/PyCQA/bandit/pull/893)
- [@rajaramsrn](https://togithub.com/rajaramsrn) made their first contribution in [https://github.com/PyCQA/bandit/pull/897](https://togithub.com/PyCQA/bandit/pull/897)
- [@travisjungroth](https://togithub.com/travisjungroth) made their first contribution in [https://github.com/PyCQA/bandit/pull/909](https://togithub.com/PyCQA/bandit/pull/909)
- [@SugarP1g](https://togithub.com/SugarP1g) made their first contribution in [https://github.com/PyCQA/bandit/pull/707](https://togithub.com/PyCQA/bandit/pull/707)
- [@KAUTH](https://togithub.com/KAUTH) made their first contribution in [https://github.com/PyCQA/bandit/pull/923](https://togithub.com/PyCQA/bandit/pull/923)
- [@marianomartinelli](https://togithub.com/marianomartinelli) made their first contribution in [https://github.com/PyCQA/bandit/pull/695](https://togithub.com/PyCQA/bandit/pull/695)
- [@jaspersival](https://togithub.com/jaspersival) made their first contribution in [https://github.com/PyCQA/bandit/pull/710](https://togithub.com/PyCQA/bandit/pull/710)
- [@kinow](https://togithub.com/kinow) made their first contribution in [https://github.com/PyCQA/bandit/pull/454](https://togithub.com/PyCQA/bandit/pull/454)
- [@yilmi](https://togithub.com/yilmi) made their first contribution in [https://github.com/PyCQA/bandit/pull/549](https://togithub.com/PyCQA/bandit/pull/549)
- [@PermanAtayev](https://togithub.com/PermanAtayev) made their first contribution in [https://github.com/PyCQA/bandit/pull/945](https://togithub.com/PyCQA/bandit/pull/945)
- [@clavedeluna](https://togithub.com/clavedeluna) made their first contribution in [https://github.com/PyCQA/bandit/pull/947](https://togithub.com/PyCQA/bandit/pull/947)
- [@phofl](https://togithub.com/phofl) made their first contribution in [https://github.com/PyCQA/bandit/pull/968](https://togithub.com/PyCQA/bandit/pull/968)
- [@gliptak](https://togithub.com/gliptak) made their first contribution in [https://github.com/PyCQA/bandit/pull/980](https://togithub.com/PyCQA/bandit/pull/980)
- [@kfrydel](https://togithub.com/kfrydel) made their first contribution in [https://github.com/PyCQA/bandit/pull/917](https://togithub.com/PyCQA/bandit/pull/917)
- [@jlosito](https://togithub.com/jlosito) made their first contribution in [https://github.com/PyCQA/bandit/pull/989](https://togithub.com/PyCQA/bandit/pull/989)
- [@KOLANICH](https://togithub.com/KOLANICH) made their first contribution in [https://github.com/PyCQA/bandit/pull/985](https://togithub.com/PyCQA/bandit/pull/985)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

- [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.