Update dependency bandit to v1.8.0 (!108) · Merge requests · Water Mission Area / nhgf / Tools / gdptools

igswsihw-wmadepbot requested to merge renovate/bandit-1.x into develop Nov 23, 2024

This MR contains the following updates:

Package	Type	Update	Change
bandit (source, changelog)	dev	minor	`1.7.3` -> `1.8.0`

Release Notes

PyCQA/bandit (bandit)

`v1.8.0`

Compare Source

What's Changed

Bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1178
Rename doc file to match proper bandit ID by @ericwb in https://github.com/PyCQA/bandit/pull/1183
Removal of Python 3.8 support by @ericwb in https://github.com/PyCQA/bandit/pull/1174
Add more insecure cryptography cipher algorithms by @ericwb in https://github.com/PyCQA/bandit/pull/1185
Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in https://github.com/PyCQA/bandit/pull/1186
Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1187
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/PyCQA/bandit/pull/1162
No need to check httpx client without timeout defined by @ericwb in https://github.com/PyCQA/bandit/pull/1177
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/PyCQA/bandit/pull/1191
Mark Python 3.13 as officially supported by @ericwb in https://github.com/PyCQA/bandit/pull/1192
Update project urls with added links by @ericwb in https://github.com/PyCQA/bandit/pull/1193
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/PyCQA/bandit/pull/1196
Add a JSON to seek funding from the FLOSS/fund by @ericwb in https://github.com/PyCQA/bandit/pull/1194
Remove Sentry as a sponsor by @ericwb in https://github.com/PyCQA/bandit/pull/1198
Remove more leftover OpenStack references by @ericwb in https://github.com/PyCQA/bandit/pull/1195

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.10...1.8.0

`v1.7.10`

Compare Source

What's Changed

Bump docker/build-push-action from 5.4.0 to 6.0.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1147
Suggested small refactors in assignments by @ericwb in https://github.com/PyCQA/bandit/pull/1150
Performance improvement in blacklist function by @ericwb in https://github.com/PyCQA/bandit/pull/1148
Add test for usage of FTP_TLS by @ericwb in https://github.com/PyCQA/bandit/pull/1149
New check: B113: TrojanSource - Bidirectional control characters by @Lucas-C in https://github.com/PyCQA/bandit/pull/757
Bump docker/build-push-action from 6.0.0 to 6.1.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1152
feat(plugins): add support for httpx in B113 by @mkniewallner in https://github.com/PyCQA/bandit/pull/1060
Nit: remove unused variable by @ericwb in https://github.com/PyCQA/bandit/pull/1153
Add recent releases to version choice in bug report by @ericwb in https://github.com/PyCQA/bandit/pull/1151
Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1155
Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1157
Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1156
Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1158
Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1159
Bump docker/build-push-action from 6.3.0 to 6.5.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1160
Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in https://github.com/PyCQA/bandit/pull/1163
Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in https://github.com/PyCQA/bandit/pull/1166
Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1165
Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1168
Use consistent file naming of docs by @ericwb in https://github.com/PyCQA/bandit/pull/1170
Pytorch Load / Save Plugin by @lukehinds in https://github.com/PyCQA/bandit/pull/1114

What's Changed

Incorrect tag naming in readme by @lukehinds in https://github.com/PyCQA/bandit/pull/1105
Utilize PyPI's trusted publishing by @ericwb in https://github.com/PyCQA/bandit/pull/1107
Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1109
Add 1.7.7 to versions of bug template by @ericwb in https://github.com/PyCQA/bandit/pull/1110
Use datetime to avoid updating copyright year by @ericwb in https://github.com/PyCQA/bandit/pull/1112
filter data is safe for tarfile extractall by @etienneschalk in https://github.com/PyCQA/bandit/pull/1111
Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1115
[B605] Add functions that are vulnerable to shell injection. by @shihai1991 in https://github.com/PyCQA/bandit/pull/1116
Add a SARIF output formatter by @ericwb in https://github.com/PyCQA/bandit/pull/1113

New Contributors

@etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
@shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

`v1.7.7`

Compare Source

What's Changed

Add the new release to bandit versions of bug template by @ericwb in https://github.com/PyCQA/bandit/pull/1075
Bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/PyCQA/bandit/pull/1076
Handle variant in how policy is passed in paramiko by @ericwb in https://github.com/PyCQA/bandit/pull/1078
Flag str.replace as possible sql injection by @costaparas in https://github.com/PyCQA/bandit/pull/1044
defusedxml: Show correct module name by @kajinamit in https://github.com/PyCQA/bandit/pull/1081
Add tidelift to the sponsor funding list by @ericwb in https://github.com/PyCQA/bandit/pull/1089
Create a security policy by @ericwb in https://github.com/PyCQA/bandit/pull/1091
Fix up issues found running Bandit on itself by @ericwb in https://github.com/PyCQA/bandit/pull/1093
Add random.randbytes to blacklist calls by @ericwb in https://github.com/PyCQA/bandit/pull/1096
Prepend ./ for files specified as CLI args by @ericwb in https://github.com/PyCQA/bandit/pull/1094
Rework GitPython dependency to be an extra for bandit-baseline by @ericwb in https://github.com/PyCQA/bandit/pull/1099
Bump actions/dependency-review-action from 3 to 4 by @dependabot in https://github.com/PyCQA/bandit/pull/1101
Introduce Official Bandit Images by @lukehinds in https://github.com/PyCQA/bandit/pull/1088
Remove markdown formatting in reStructuredText formatted README by @ericwb in https://github.com/PyCQA/bandit/pull/1103
Downsize the org:repo name by @lukehinds in https://github.com/PyCQA/bandit/pull/1104

New Contributors

@kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

`v1.7.6`

Compare Source

What's Changed

Update bug report to include version 1.7.5 by @ericwb in https://github.com/PyCQA/bandit/pull/993
Render Python 3.10 in drop down correctly by @ericwb in https://github.com/PyCQA/bandit/pull/997
Remove checks for Python2 urllib by @ericwb in https://github.com/PyCQA/bandit/pull/999
Improper detection of non-requests module by @ericwb in https://github.com/PyCQA/bandit/pull/1011
xmlrpclib replaced with xmlrpc in Python3 by @ericwb in https://github.com/PyCQA/bandit/pull/1012
language and linting updates by @marksmayo in https://github.com/PyCQA/bandit/pull/1015
Adds check for crypt module usage as weak hash by @ericwb in https://github.com/PyCQA/bandit/pull/1018
Switch to tox 4 by @mportesdev in https://github.com/PyCQA/bandit/pull/1020
Skip unnecessary pip install commands in the pythonpackage.yml workflow by @mportesdev in https://github.com/PyCQA/bandit/pull/1021
Update versions of used GitHub Actions by @mportesdev in https://github.com/PyCQA/bandit/pull/1024
Update pre-commit hooks by @mportesdev in https://github.com/PyCQA/bandit/pull/1026
Add random.Random to B311 checks by @shiftinv in https://github.com/PyCQA/bandit/pull/940
Add a copy button to all code snippets in docs by @ericwb in https://github.com/PyCQA/bandit/pull/1030
Replace pbr in favor of importlib by @ericwb in https://github.com/PyCQA/bandit/pull/1016
Switch from open collective to PSF by @ericwb in https://github.com/PyCQA/bandit/pull/1031
Make pre-commit run Bandit hook using a single process by @Klavionik in https://github.com/PyCQA/bandit/pull/1029
Remove support for Python 3.7 due to end-of-life by @ericwb in https://github.com/PyCQA/bandit/pull/1034
Update asserts.py documentation by @deronnax in https://github.com/PyCQA/bandit/pull/1036
Simplify wrap_file_object by @mportesdev in https://github.com/PyCQA/bandit/pull/1037
django_rawsql_used: support keyword arguments used in RawSQL by @kevinmarsh in https://github.com/PyCQA/bandit/pull/765
Avoid gitpyhon CVE-2022-24439 by @carlosduelo in https://github.com/PyCQA/bandit/pull/1048
Update blacklist call documentation by @costaparas in https://github.com/PyCQA/bandit/pull/1045
Support ignoring blacklists by name by @costaparas in https://github.com/PyCQA/bandit/pull/1046
Fix dependabot to update github actions by @ericwb in https://github.com/PyCQA/bandit/pull/1057
Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/PyCQA/bandit/pull/1058
Fix for ReadtheDocs build by @ericwb in https://github.com/PyCQA/bandit/pull/1061
fix(plugins/B507): also detect class instances by @mkniewallner in https://github.com/PyCQA/bandit/pull/1064
Use mirror repository for black pre-commit hook by @mportesdev in https://github.com/PyCQA/bandit/pull/1070
Add official support of Python 3.12 by @ericwb in https://github.com/PyCQA/bandit/pull/1068
Fix crash on pyproject.toml without bandit config by @javajawa in https://github.com/PyCQA/bandit/pull/1073
refactor: remove importlib-metadata fallback by @mkniewallner in https://github.com/PyCQA/bandit/pull/1066
Fixes for sphinx build by @ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors

@marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
@shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
@Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
@deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
@kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
@carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
@costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
@dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
@javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

`v1.7.5`

Compare Source

What's Changed

Add an example screen shot of Bandit to README by @ericwb in https://github.com/PyCQA/bandit/pull/847
Bad link to screen shot by @ericwb in https://github.com/PyCQA/bandit/pull/848
Use a constant for weak hashes by @ericwb in https://github.com/PyCQA/bandit/pull/850
Group location line with code output by @ericwb in https://github.com/PyCQA/bandit/pull/822
Fix line range using Python 3.8 end_lineno by @ericwb in https://github.com/PyCQA/bandit/pull/821
Add classifier to indicate Py3 only by @ericwb in https://github.com/PyCQA/bandit/pull/853
Removal of blacklist call B309 httpsconnection by @ericwb in https://github.com/PyCQA/bandit/pull/858
Remove blacklist call check for os.tempnam by @ericwb in https://github.com/PyCQA/bandit/pull/859
Indiciate hash type in message by @ericwb in https://github.com/PyCQA/bandit/pull/860
Add the httpx module check for verify by @ericwb in https://github.com/PyCQA/bandit/pull/861
Add doc for hashlib plugin by @ericwb in https://github.com/PyCQA/bandit/pull/862
Make use of rich for progress bar by @ericwb in https://github.com/PyCQA/bandit/pull/863
Replace toml with tomli by @mkniewallner in https://github.com/PyCQA/bandit/pull/829
Fix up B109 and B111 removed plugins docs by @ericwb in https://github.com/PyCQA/bandit/pull/864
add check for "requests" calls without timeout by @mschfh in https://github.com/PyCQA/bandit/pull/743
Fix for build breaks in format job by @ericwb in https://github.com/PyCQA/bandit/pull/869
Add license and contributing links to docs by @ericwb in https://github.com/PyCQA/bandit/pull/867
Remove redundant word Bandit in titles of sections by @ericwb in https://github.com/PyCQA/bandit/pull/873
Add request for feedback via 👍 by @ericwb in https://github.com/PyCQA/bandit/pull/871
Add a Discord link to the docs by @ericwb in https://github.com/PyCQA/bandit/pull/870
Adding logging.config.listen() plugin with examples by @raj3shp in https://github.com/PyCQA/bandit/pull/874
Removal of ghugo by @ericwb in https://github.com/PyCQA/bandit/pull/881
Remove redundant pip line by @ericwb in https://github.com/PyCQA/bandit/pull/884
Corrected documentation on configuration by @a-takahashi223 in https://github.com/PyCQA/bandit/pull/868
Start testing against Python 3.11 by @mkniewallner in https://github.com/PyCQA/bandit/pull/887
Add myself to sponsor list by @ericwb in https://github.com/PyCQA/bandit/pull/885
Add Discord link to README by @ericwb in https://github.com/PyCQA/bandit/pull/875
Update action versions in Actions workflows (#890) by @mportesdev in https://github.com/PyCQA/bandit/pull/893
Add dependency review action by @ericwb in https://github.com/PyCQA/bandit/pull/891
Fix an unclosed tag in HTML formatter by @mportesdev in https://github.com/PyCQA/bandit/pull/896
'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @rajaramsrn in https://github.com/PyCQA/bandit/pull/897
Make small fixes in docs by @mportesdev in https://github.com/PyCQA/bandit/pull/899
Specify semver range for Python 3.11 by @mportesdev in https://github.com/PyCQA/bandit/pull/901
Add another bad example of yaml load by @ericwb in https://github.com/PyCQA/bandit/pull/905
Add releases link in "Version control integration" by @travisjungroth in https://github.com/PyCQA/bandit/pull/909
Update version of dependency-review-action by @mportesdev in https://github.com/PyCQA/bandit/pull/911
Avoid redundant message if debug on by @ericwb in https://github.com/PyCQA/bandit/pull/913
Remove invalid checking on hashlib by @ericwb in https://github.com/PyCQA/bandit/pull/914
Add some missing curve types by @ericwb in https://github.com/PyCQA/bandit/pull/920
add jsonpickle deserialization blacklist by @SugarP1g in https://github.com/PyCQA/bandit/pull/707
Fix reading the number argument from config file by @KAUTH in https://github.com/PyCQA/bandit/pull/923
Add end_col_offset if available by @ericwb in https://github.com/PyCQA/bandit/pull/851
Enhancement Proposal: Plugin "assert_used" config-skip snippet by @marianomartinelli in https://github.com/PyCQA/bandit/pull/695
Blacklist pandas read_pickle and add functional test for it by @jaspersival in https://github.com/PyCQA/bandit/pull/710
Docs for request without timeout has dead link by @ericwb in https://github.com/PyCQA/bandit/pull/925
Add case for global exec by @tonybaloney in https://github.com/PyCQA/bandit/pull/570
Fix a false positive condition yaml_load by @ericwb in https://github.com/PyCQA/bandit/pull/927
Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape by @kinow in https://github.com/PyCQA/bandit/pull/454
Adding tarfile.extractall() plugin with examples by @yilmi in https://github.com/PyCQA/bandit/pull/549
Check for deprecated TLS 1.1 by @ericwb in https://github.com/PyCQA/bandit/pull/928
weak_cryptographic_key assumes positional arg by @ericwb in https://github.com/PyCQA/bandit/pull/930
Fix filename of B202 in docs by @mportesdev in https://github.com/PyCQA/bandit/pull/932
Remove python 2 reference in docs by @ericwb in https://github.com/PyCQA/bandit/pull/933
Pass correct number of arguments to match the %s placeholders. by @mportesdev in https://github.com/PyCQA/bandit/pull/934
Fixup some invalid pickle testing by @ericwb in https://github.com/PyCQA/bandit/pull/924
Fix json and yaml formatters to respect num lines by @ericwb in https://github.com/PyCQA/bandit/pull/929
Fix AttributeError on detect of tuple assign condition by @ericwb in https://github.com/PyCQA/bandit/pull/931
[docs] Mention exclude_dirs option available in TOML and YAML by @bittner in https://github.com/PyCQA/bandit/pull/876
Typo fix by @PermanAtayev in https://github.com/PyCQA/bandit/pull/945
remove py2 exec example in docs by @clavedeluna in https://github.com/PyCQA/bandit/pull/947
Add official Python 3.11 support by @ericwb in https://github.com/PyCQA/bandit/pull/964
DOC: Add explanation on how to use pre-commit with config file by @phofl in https://github.com/PyCQA/bandit/pull/968
Fix breaking build due to new tox by @ericwb in https://github.com/PyCQA/bandit/pull/983
Correct build status badge in README by @gliptak in https://github.com/PyCQA/bandit/pull/980
Improve detecting SQL injections in f-strings by @kfrydel in https://github.com/PyCQA/bandit/pull/917
Improve handling nosec for multi-line strings by @kfrydel in https://github.com/PyCQA/bandit/pull/915
Check for github action updates monthly by @jlosito in https://github.com/PyCQA/bandit/pull/989
Added a bit more project_urls by @KOLANICH in https://github.com/PyCQA/bandit/pull/985

New Contributors

@mschfh made their first contribution in https://github.com/PyCQA/bandit/pull/743
@raj3shp made their first contribution in https://github.com/PyCQA/bandit/pull/874
@a-takahashi223 made their first contribution in https://github.com/PyCQA/bandit/pull/868
@mportesdev made their first contribution in https://github.com/PyCQA/bandit/pull/893
@rajaramsrn made their first contribution in https://github.com/PyCQA/bandit/pull/897
@travisjungroth made their first contribution in https://github.com/PyCQA/bandit/pull/909
@SugarP1g made their first contribution in https://github.com/PyCQA/bandit/pull/707
@KAUTH made their first contribution in https://github.com/PyCQA/bandit/pull/923
@marianomartinelli made their first contribution in https://github.com/PyCQA/bandit/pull/695
@jaspersival made their first contribution in https://github.com/PyCQA/bandit/pull/710
@kinow made their first contribution in https://github.com/PyCQA/bandit/pull/454
@yilmi made their first contribution in https://github.com/PyCQA/bandit/pull/549
@PermanAtayev made their first contribution in https://github.com/PyCQA/bandit/pull/945
@clavedeluna made their first contribution in https://github.com/PyCQA/bandit/pull/947
@phofl made their first contribution in https://github.com/PyCQA/bandit/pull/968
@gliptak made their first contribution in https://github.com/PyCQA/bandit/pull/980
@kfrydel made their first contribution in https://github.com/PyCQA/bandit/pull/917
@jlosito made their first contribution in https://github.com/PyCQA/bandit/pull/989
@KOLANICH made their first contribution in https://github.com/PyCQA/bandit/pull/985

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5

`v1.7.4`

Compare Source

What's Changed

Fix traceback in hashlib_insecure_functions by @ericwb in https://github.com/PyCQA/bandit/pull/834
Add version 1.7.3 to dropdown by @ericwb in https://github.com/PyCQA/bandit/pull/833
core/config: Fix ConfigError missing argument if toml is missing by @Holzhaus in https://github.com/PyCQA/bandit/pull/845
Add 1.7.4 in issue template by @ericwb in https://github.com/PyCQA/bandit/pull/846

New Contributors

@Holzhaus made their first contribution in https://github.com/PyCQA/bandit/pull/845

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.3...1.7.4

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Nov 27, 2024 by igswsihw-wmadepbot

Update dependency bandit to v1.8.0

Release Notes

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

Configuration

Merge request reports