Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update bandit to 1.8.0 #2004

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

pyup-bot
Copy link
Collaborator

This PR updates bandit from 1.6.2 to 1.8.0.

Changelog

1.8.0

What's Changed
* Bump docker/build-push-action from 6.7.0 to 6.9.0 by dependabot in https://github.com/PyCQA/bandit/pull/1178
* Rename doc file to match proper bandit ID by ericwb in https://github.com/PyCQA/bandit/pull/1183
* Removal of Python 3.8 support by ericwb in https://github.com/PyCQA/bandit/pull/1174
* Add more insecure cryptography cipher algorithms by ericwb in https://github.com/PyCQA/bandit/pull/1185
* Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by dependabot in https://github.com/PyCQA/bandit/pull/1186
* Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by dependabot in https://github.com/PyCQA/bandit/pull/1187
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1162
* No need to check httpx client without timeout defined by ericwb in https://github.com/PyCQA/bandit/pull/1177
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1191
* Mark Python 3.13 as officially supported by ericwb in https://github.com/PyCQA/bandit/pull/1192
* Update project urls with added links by ericwb in https://github.com/PyCQA/bandit/pull/1193
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1196
* Add a JSON to seek funding from the FLOSS/fund by ericwb in https://github.com/PyCQA/bandit/pull/1194
* Remove Sentry as a sponsor by ericwb in https://github.com/PyCQA/bandit/pull/1198
* Remove more leftover OpenStack references by ericwb in https://github.com/PyCQA/bandit/pull/1195


**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.10...1.8.0

1.7.10

What's Changed
* Bump docker/build-push-action from 5.4.0 to 6.0.0 by dependabot in https://github.com/PyCQA/bandit/pull/1147
* Suggested small refactors in assignments by ericwb in https://github.com/PyCQA/bandit/pull/1150
* Performance improvement in blacklist function by ericwb in https://github.com/PyCQA/bandit/pull/1148
* Add test for usage of FTP_TLS by ericwb in https://github.com/PyCQA/bandit/pull/1149
* New check: B113: TrojanSource - Bidirectional control characters by Lucas-C in https://github.com/PyCQA/bandit/pull/757
* Bump docker/build-push-action from 6.0.0 to 6.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1152
* feat(plugins): add support for `httpx` in `B113` by mkniewallner in https://github.com/PyCQA/bandit/pull/1060
* Nit: remove unused variable by ericwb in https://github.com/PyCQA/bandit/pull/1153
* Add recent releases to version choice in bug report by ericwb in https://github.com/PyCQA/bandit/pull/1151
* Bump docker/build-push-action from 6.1.0 to 6.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1155
* Bump docker/build-push-action from 6.2.0 to 6.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1157
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1156
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by dependabot in https://github.com/PyCQA/bandit/pull/1158
* Bump docker/login-action from 3.2.0 to 3.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1159
* Bump docker/build-push-action from 6.3.0 to 6.5.0 by dependabot in https://github.com/PyCQA/bandit/pull/1160
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by dependabot in https://github.com/PyCQA/bandit/pull/1163
* Bump docker/build-push-action from 6.5.0 to 6.6.1 by dependabot in https://github.com/PyCQA/bandit/pull/1166
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by dependabot in https://github.com/PyCQA/bandit/pull/1165
* Bump docker/build-push-action from 6.6.1 to 6.7.0 by dependabot in https://github.com/PyCQA/bandit/pull/1168
* Use consistent file naming of docs by ericwb in https://github.com/PyCQA/bandit/pull/1170
* Pytorch Load / Save Plugin by lukehinds in https://github.com/PyCQA/bandit/pull/1114

New Contributors
* Lucas-C made their first contribution in https://github.com/PyCQA/bandit/pull/757

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.9...1.7.10

1.7.9

What's Changed
* Bump docker/build-push-action from 5.1.0 to 5.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1117
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1119
* New logo for Bandit based on raccoon by ericwb in https://github.com/PyCQA/bandit/pull/1121
* Start testing on Python 3.13 by ericwb in https://github.com/PyCQA/bandit/pull/1122
* Bump docker/build-push-action from 5.2.0 to 5.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1123
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1124
* Bump docker/login-action from 3.0.0 to 3.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1125
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1126
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1127
* Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1130
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1131
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by dependabot in https://github.com/PyCQA/bandit/pull/1132
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1133
* Updates banner logo so it renders well in dark mode by ericwb in https://github.com/PyCQA/bandit/pull/1134
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1135
* Add a sponsor section to README by ericwb in https://github.com/PyCQA/bandit/pull/1137
* Ensure sarif extra is included as part of doc build by ericwb in https://github.com/PyCQA/bandit/pull/1139
* Bump docker/login-action from 3.1.0 to 3.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1142
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1143
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1145
* Guard against empty call argument list by ericwb in https://github.com/PyCQA/bandit/pull/1146
* Bump docker/build-push-action from 5.3.0 to 5.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1144
* Support `configfile` in `.bandit` file by bersbersbers in https://github.com/PyCQA/bandit/pull/1052

New Contributors
* pre-commit-ci made their first contribution in https://github.com/PyCQA/bandit/pull/1119
* bersbersbers made their first contribution in https://github.com/PyCQA/bandit/pull/1052

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

1.7.8

What's Changed
* Incorrect tag naming in readme by lukehinds in https://github.com/PyCQA/bandit/pull/1105
* Utilize PyPI's trusted publishing by ericwb in https://github.com/PyCQA/bandit/pull/1107
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1109
* Add 1.7.7 to versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1110
* Use datetime to avoid updating copyright year by ericwb in https://github.com/PyCQA/bandit/pull/1112
* filter data is safe for tarfile extractall by etienneschalk in https://github.com/PyCQA/bandit/pull/1111
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1115
* [B605] Add functions that are vulnerable to shell injection. by shihai1991 in https://github.com/PyCQA/bandit/pull/1116
* Add a SARIF output formatter by ericwb in https://github.com/PyCQA/bandit/pull/1113

New Contributors
* etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
* shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

1.7.7

What's Changed
* Add the new release to bandit versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1075
* Bump actions/setup-python from 4 to 5 by dependabot in https://github.com/PyCQA/bandit/pull/1076
* Handle variant in how policy is passed in paramiko by ericwb in https://github.com/PyCQA/bandit/pull/1078
* Flag str.replace as possible sql injection by costaparas in https://github.com/PyCQA/bandit/pull/1044
* defusedxml: Show correct module name by kajinamit in https://github.com/PyCQA/bandit/pull/1081
* Add tidelift to the sponsor funding list by ericwb in https://github.com/PyCQA/bandit/pull/1089
* Create a security policy by ericwb in https://github.com/PyCQA/bandit/pull/1091
* Fix up issues found running Bandit on itself by ericwb in https://github.com/PyCQA/bandit/pull/1093
* Add random.randbytes to blacklist calls by ericwb in https://github.com/PyCQA/bandit/pull/1096
* Prepend ./ for files specified as CLI args by ericwb in https://github.com/PyCQA/bandit/pull/1094
* Rework GitPython dependency to be an extra for bandit-baseline by ericwb in https://github.com/PyCQA/bandit/pull/1099
* Bump actions/dependency-review-action from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1101
* Introduce Official Bandit Images by lukehinds in https://github.com/PyCQA/bandit/pull/1088
* Remove markdown formatting in reStructuredText formatted README by ericwb in https://github.com/PyCQA/bandit/pull/1103
* Downsize the org:repo name by lukehinds in https://github.com/PyCQA/bandit/pull/1104

New Contributors
* kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

1.7.6

What's Changed
* Update bug report to include version 1.7.5 by ericwb in https://github.com/PyCQA/bandit/pull/993
* Render Python 3.10 in drop down correctly by ericwb in https://github.com/PyCQA/bandit/pull/997
* Remove checks for Python2 urllib by ericwb in https://github.com/PyCQA/bandit/pull/999
* Improper detection of non-requests module by ericwb in https://github.com/PyCQA/bandit/pull/1011
* xmlrpclib replaced with xmlrpc in Python3 by ericwb in https://github.com/PyCQA/bandit/pull/1012
* language and linting updates by marksmayo in https://github.com/PyCQA/bandit/pull/1015
* Adds check for crypt module usage as weak hash by ericwb in https://github.com/PyCQA/bandit/pull/1018
* Switch to tox 4 by mportesdev in https://github.com/PyCQA/bandit/pull/1020
* Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by mportesdev in https://github.com/PyCQA/bandit/pull/1021
* Update versions of used GitHub Actions by mportesdev in https://github.com/PyCQA/bandit/pull/1024
* Update pre-commit hooks by mportesdev in https://github.com/PyCQA/bandit/pull/1026
* Add `random.Random` to B311 checks by shiftinv in https://github.com/PyCQA/bandit/pull/940
* Add a copy button to all code snippets in docs by ericwb in https://github.com/PyCQA/bandit/pull/1030
* Replace pbr in favor of importlib by ericwb in https://github.com/PyCQA/bandit/pull/1016
* Switch from open collective to PSF by ericwb in https://github.com/PyCQA/bandit/pull/1031
* Make pre-commit run Bandit hook using a single process by Klavionik in https://github.com/PyCQA/bandit/pull/1029
* Remove support for Python 3.7 due to end-of-life by ericwb in https://github.com/PyCQA/bandit/pull/1034
* Update asserts.py documentation by deronnax in https://github.com/PyCQA/bandit/pull/1036
* Simplify `wrap_file_object` by mportesdev in https://github.com/PyCQA/bandit/pull/1037
* django_rawsql_used: support keyword arguments used in `RawSQL` by kevinmarsh in https://github.com/PyCQA/bandit/pull/765
* Avoid gitpyhon CVE-2022-24439 by carlosduelo in https://github.com/PyCQA/bandit/pull/1048
* Update blacklist call documentation by costaparas in https://github.com/PyCQA/bandit/pull/1045
* Support ignoring blacklists by name by costaparas in https://github.com/PyCQA/bandit/pull/1046
* Fix dependabot to update github actions by ericwb in https://github.com/PyCQA/bandit/pull/1057
* Bump actions/checkout from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1058
* Fix for ReadtheDocs build by ericwb in https://github.com/PyCQA/bandit/pull/1061
* fix(plugins/B507): also detect class instances by mkniewallner in https://github.com/PyCQA/bandit/pull/1064
* Use mirror repository for black pre-commit hook by mportesdev in https://github.com/PyCQA/bandit/pull/1070
* Add official support of Python 3.12 by ericwb in https://github.com/PyCQA/bandit/pull/1068
* Fix crash on pyproject.toml without bandit config by javajawa in https://github.com/PyCQA/bandit/pull/1073
* refactor: remove `importlib-metadata` fallback by mkniewallner in https://github.com/PyCQA/bandit/pull/1066
* Fixes for sphinx build by ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors
* marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
* shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
* Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
* deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
* kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
* carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
* costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
* dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
* javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

1.7.5

What's Changed
* Add an example screen shot of Bandit to README by ericwb in https://github.com/PyCQA/bandit/pull/847
* Bad link to screen shot by ericwb in https://github.com/PyCQA/bandit/pull/848
* Use a constant for weak hashes by ericwb in https://github.com/PyCQA/bandit/pull/850
* Group location line with code output by ericwb in https://github.com/PyCQA/bandit/pull/822
* Fix line range using Python 3.8 end_lineno by ericwb in https://github.com/PyCQA/bandit/pull/821
* Add classifier to indicate Py3 only by ericwb in https://github.com/PyCQA/bandit/pull/853
* Removal of blacklist call B309 httpsconnection by ericwb in https://github.com/PyCQA/bandit/pull/858
* Remove blacklist call check for os.tempnam by ericwb in https://github.com/PyCQA/bandit/pull/859
* Indiciate hash type in message by ericwb in https://github.com/PyCQA/bandit/pull/860
* Add the httpx module check for verify by ericwb in https://github.com/PyCQA/bandit/pull/861
* Add doc for hashlib plugin by ericwb in https://github.com/PyCQA/bandit/pull/862
* Make use of rich for progress bar by ericwb in https://github.com/PyCQA/bandit/pull/863
* Replace `toml` with `tomli` by mkniewallner in https://github.com/PyCQA/bandit/pull/829
* Fix up B109 and B111 removed plugins docs by ericwb in https://github.com/PyCQA/bandit/pull/864
* add check for "requests" calls without timeout by mschfh in https://github.com/PyCQA/bandit/pull/743
* Fix for build breaks in format job by ericwb in https://github.com/PyCQA/bandit/pull/869
* Add license and contributing links to docs by ericwb in https://github.com/PyCQA/bandit/pull/867
* Remove redundant word Bandit in titles of sections by ericwb in https://github.com/PyCQA/bandit/pull/873
* Add request for feedback via 👍 by ericwb in https://github.com/PyCQA/bandit/pull/871
* Add a Discord link to the docs by ericwb in https://github.com/PyCQA/bandit/pull/870
* Adding logging.config.listen() plugin with examples by raj3shp in https://github.com/PyCQA/bandit/pull/874
* Removal of ghugo by ericwb in https://github.com/PyCQA/bandit/pull/881
* Remove redundant pip line by ericwb in https://github.com/PyCQA/bandit/pull/884
* Corrected documentation on configuration by a-takahashi223 in https://github.com/PyCQA/bandit/pull/868
* Start testing against Python 3.11 by mkniewallner in https://github.com/PyCQA/bandit/pull/887
* Add myself to sponsor list by ericwb in https://github.com/PyCQA/bandit/pull/885
* Add Discord link to README by ericwb in https://github.com/PyCQA/bandit/pull/875
* Update action versions in Actions workflows (890) by mportesdev in https://github.com/PyCQA/bandit/pull/893
* Add dependency review action by ericwb in https://github.com/PyCQA/bandit/pull/891
* Fix an unclosed <b> tag in HTML formatter by mportesdev in https://github.com/PyCQA/bandit/pull/896
* 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by rajaramsrn in https://github.com/PyCQA/bandit/pull/897
* Make small fixes in docs by mportesdev in https://github.com/PyCQA/bandit/pull/899
* Specify semver range for Python 3.11 by mportesdev in https://github.com/PyCQA/bandit/pull/901
* Add another bad example of yaml load by ericwb in https://github.com/PyCQA/bandit/pull/905
* Add releases link in "Version control integration" by travisjungroth in https://github.com/PyCQA/bandit/pull/909
* Update version of dependency-review-action by mportesdev in https://github.com/PyCQA/bandit/pull/911
* Avoid redundant message if debug on by ericwb in https://github.com/PyCQA/bandit/pull/913
* Remove invalid checking on hashlib by ericwb in https://github.com/PyCQA/bandit/pull/914
* Add some missing curve types by ericwb in https://github.com/PyCQA/bandit/pull/920
* add jsonpickle deserialization blacklist by SugarP1g in https://github.com/PyCQA/bandit/pull/707
* Fix reading the number argument from config file by KAUTH in https://github.com/PyCQA/bandit/pull/923
* Add end_col_offset if available by ericwb in https://github.com/PyCQA/bandit/pull/851
* Enhancement Proposal: Plugin "assert_used" config-skip snippet by marianomartinelli in https://github.com/PyCQA/bandit/pull/695
* Blacklist pandas read_pickle and add functional test for it by jaspersival in https://github.com/PyCQA/bandit/pull/710
* Docs for request without timeout has dead link by ericwb in https://github.com/PyCQA/bandit/pull/925
* Add case for global exec by tonybaloney in https://github.com/PyCQA/bandit/pull/570
* Fix a false positive condition yaml_load by ericwb in https://github.com/PyCQA/bandit/pull/927
* Fix issue 453 jinja2 template select_autoescape when using jinja2.select_autoescape by kinow in https://github.com/PyCQA/bandit/pull/454
* Adding tarfile.extractall() plugin with examples by yilmi in https://github.com/PyCQA/bandit/pull/549
* Check for deprecated TLS 1.1 by ericwb in https://github.com/PyCQA/bandit/pull/928
* weak_cryptographic_key assumes positional arg by ericwb in https://github.com/PyCQA/bandit/pull/930
* Fix filename of B202 in docs by mportesdev in https://github.com/PyCQA/bandit/pull/932
* Remove python 2 reference in docs by ericwb in https://github.com/PyCQA/bandit/pull/933
* Pass correct number of arguments to match the `%s` placeholders. by mportesdev in https://github.com/PyCQA/bandit/pull/934
* Fixup some invalid pickle testing by ericwb in https://github.com/PyCQA/bandit/pull/924
* Fix json and yaml formatters to respect num lines by ericwb in https://github.com/PyCQA/bandit/pull/929
* Fix AttributeError on detect of tuple assign condition by ericwb in https://github.com/PyCQA/bandit/pull/931
* [docs] Mention `exclude_dirs` option available in TOML and YAML by bittner in https://github.com/PyCQA/bandit/pull/876
* Typo fix by PermanAtayev in https://github.com/PyCQA/bandit/pull/945
* remove py2 exec example in docs by clavedeluna in https://github.com/PyCQA/bandit/pull/947
* Add official Python 3.11 support by ericwb in https://github.com/PyCQA/bandit/pull/964
* DOC: Add explanation on how to use pre-commit with config file by phofl in https://github.com/PyCQA/bandit/pull/968
* Fix breaking build due to new tox by ericwb in https://github.com/PyCQA/bandit/pull/983
* Correct build status badge in README by gliptak in https://github.com/PyCQA/bandit/pull/980
* Improve detecting SQL injections in f-strings by kfrydel in https://github.com/PyCQA/bandit/pull/917
* Improve handling nosec for multi-line strings by kfrydel in https://github.com/PyCQA/bandit/pull/915
* Check for github action updates monthly by jlosito in https://github.com/PyCQA/bandit/pull/989
* Added a bit more `project_urls` by KOLANICH in https://github.com/PyCQA/bandit/pull/985

New Contributors
* mschfh made their first contribution in https://github.com/PyCQA/bandit/pull/743
* raj3shp made their first contribution in https://github.com/PyCQA/bandit/pull/874
* a-takahashi223 made their first contribution in https://github.com/PyCQA/bandit/pull/868
* mportesdev made their first contribution in https://github.com/PyCQA/bandit/pull/893
* rajaramsrn made their first contribution in https://github.com/PyCQA/bandit/pull/897
* travisjungroth made their first contribution in https://github.com/PyCQA/bandit/pull/909
* SugarP1g made their first contribution in https://github.com/PyCQA/bandit/pull/707
* KAUTH made their first contribution in https://github.com/PyCQA/bandit/pull/923
* marianomartinelli made their first contribution in https://github.com/PyCQA/bandit/pull/695
* jaspersival made their first contribution in https://github.com/PyCQA/bandit/pull/710
* kinow made their first contribution in https://github.com/PyCQA/bandit/pull/454
* yilmi made their first contribution in https://github.com/PyCQA/bandit/pull/549
* PermanAtayev made their first contribution in https://github.com/PyCQA/bandit/pull/945
* clavedeluna made their first contribution in https://github.com/PyCQA/bandit/pull/947
* phofl made their first contribution in https://github.com/PyCQA/bandit/pull/968
* gliptak made their first contribution in https://github.com/PyCQA/bandit/pull/980
* kfrydel made their first contribution in https://github.com/PyCQA/bandit/pull/917
* jlosito made their first contribution in https://github.com/PyCQA/bandit/pull/989
* KOLANICH made their first contribution in https://github.com/PyCQA/bandit/pull/985

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5

1.7.4

What's Changed
* Fix traceback in hashlib_insecure_functions by ericwb in https://github.com/PyCQA/bandit/pull/834
* Add version 1.7.3 to dropdown by ericwb in https://github.com/PyCQA/bandit/pull/833
* core/config: Fix ConfigError missing argument if toml is missing by Holzhaus in https://github.com/PyCQA/bandit/pull/845
* Add 1.7.4 in issue template by ericwb in https://github.com/PyCQA/bandit/pull/846

New Contributors
* Holzhaus made their first contribution in https://github.com/PyCQA/bandit/pull/845

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.3...1.7.4

1.7.3

What's Changed
* Rely on toml conditionally by sigmavirus24 in https://github.com/PyCQA/bandit/pull/780
* Update issue template with latest versions by ericwb in https://github.com/PyCQA/bandit/pull/783
* Delete release-drafter.yml by ericwb in https://github.com/PyCQA/bandit/pull/781
* Use released version of gh-action-pypi-publish by ericwb in https://github.com/PyCQA/bandit/pull/784
* Update publish-to-pypi.yml by ericwb in https://github.com/PyCQA/bandit/pull/785
* Delete releasenotes directory (more openstack leftovers) by ericwb in https://github.com/PyCQA/bandit/pull/786
* [docs] Add Getting Started chapter (migrate from README) by bittner in https://github.com/PyCQA/bandit/pull/773
* Including CWE information by julianthome in https://github.com/PyCQA/bandit/pull/613
* Removal of the CWEMAP dict by ericwb in https://github.com/PyCQA/bandit/pull/789
* Fix up warnings in output of tox by ericwb in https://github.com/PyCQA/bandit/pull/793
* Avoid printing metrics as float point numbers by ericwb in https://github.com/PyCQA/bandit/pull/794
* Add functional test of snmp_security_check by ericwb in https://github.com/PyCQA/bandit/pull/791
* Disable individual tests by mikespallino in https://github.com/PyCQA/bandit/pull/597
* Change up how CWE is formatted by ericwb in https://github.com/PyCQA/bandit/pull/788
* Check value of usedforsecurity for hashlib by ericwb in https://github.com/PyCQA/bandit/pull/798
* Remove redundant Python 3.6 code by ericwb in https://github.com/PyCQA/bandit/pull/802
* Add new plugin to check use of pyghmi by ericwb in https://github.com/PyCQA/bandit/pull/803
* Check for hardcoded passwords in class attributes by noliverio in https://github.com/PyCQA/bandit/pull/766
* Better hashlib check for Python 3.9 by ericwb in https://github.com/PyCQA/bandit/pull/805
* Fix references to the default branch name by ericwb in https://github.com/PyCQA/bandit/pull/810
* Cleanup the README by ericwb in https://github.com/PyCQA/bandit/pull/809
* Show usage with no arguments by ericwb in https://github.com/PyCQA/bandit/pull/814
* Respect color environment variables if set by ericwb in https://github.com/PyCQA/bandit/pull/813
* Cannot seek stdin on pipe by tylerwince in https://github.com/PyCQA/bandit/pull/496
* Test on operating systems we can support by ericwb in https://github.com/PyCQA/bandit/pull/804
* Fix up some warnings and errors in docs by ericwb in https://github.com/PyCQA/bandit/pull/817
* Fix root doc for readthedocs by ericwb in https://github.com/PyCQA/bandit/pull/818
* Use versioned links to docs by ericwb in https://github.com/PyCQA/bandit/pull/819
* Use CWE link in HTML formatter by ericwb in https://github.com/PyCQA/bandit/pull/825
* Improve performance of linerange by Krock21rus in https://github.com/PyCQA/bandit/pull/629
* Inaccurate message in hashlib check by ericwb in https://github.com/PyCQA/bandit/pull/827
* Target Python >= 3.7 in pre-commit hooks by mkniewallner in https://github.com/PyCQA/bandit/pull/830
* Center the bandit logo in readme by ericwb in https://github.com/PyCQA/bandit/pull/823
* Build of artifact fails if raw directive used by ericwb in https://github.com/PyCQA/bandit/pull/831

New Contributors
* bittner made their first contribution in https://github.com/PyCQA/bandit/pull/773
* julianthome made their first contribution in https://github.com/PyCQA/bandit/pull/613
* noliverio made their first contribution in https://github.com/PyCQA/bandit/pull/766
* Krock21rus made their first contribution in https://github.com/PyCQA/bandit/pull/629

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3

1.7.2

What's Changed
* Fix broken reported URL link for B107 by bagerard in https://github.com/PyCQA/bandit/pull/751
* test_help_arg: remove assert on 'optional arguments' by mikelolasagasti in https://github.com/PyCQA/bandit/pull/752
* Create FUNDING.yml by ericwb in https://github.com/PyCQA/bandit/pull/774
* Start using auto-formatters by sigmavirus24 in https://github.com/PyCQA/bandit/pull/754
* Drop end-of-life Python 3.5 by ericwb in https://github.com/PyCQA/bandit/pull/746
* Drop end-of-life Python 3.6 by ericwb in https://github.com/PyCQA/bandit/pull/777
* Fixup typo by spagh-eddie in https://github.com/PyCQA/bandit/pull/769
* Fix README.rst by stannum-l in https://github.com/PyCQA/bandit/pull/365
* Added snmp_security check plugin for various SNMP checks by Jed-Giblin in https://github.com/PyCQA/bandit/pull/403
* Remove leftover openstack code by ericwb in https://github.com/PyCQA/bandit/pull/778
* Correctly define extras in `setup.cfg` by mkniewallner in https://github.com/PyCQA/bandit/pull/755

New Contributors
* bagerard made their first contribution in https://github.com/PyCQA/bandit/pull/751
* mikelolasagasti made their first contribution in https://github.com/PyCQA/bandit/pull/752
* sigmavirus24 made their first contribution in https://github.com/PyCQA/bandit/pull/754
* spagh-eddie made their first contribution in https://github.com/PyCQA/bandit/pull/769
* Jed-Giblin made their first contribution in https://github.com/PyCQA/bandit/pull/403
* mkniewallner made their first contribution in https://github.com/PyCQA/bandit/pull/755

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.1...1.7.2

1.7.1

What's Changed
* Specify output_file encoding as utf-8 by Brcrwilliams in https://github.com/PyCQA/bandit/pull/364
* Specify language_version in .pre-commit-hooks.yaml by jdufresne in https://github.com/PyCQA/bandit/pull/670
* Clearer message for subprocess module use by ericwb in https://github.com/PyCQA/bandit/pull/667
* Add the column offset to the issue model by tonybaloney in https://github.com/PyCQA/bandit/pull/618
* Show column offset on all formatters by ericwb in https://github.com/PyCQA/bandit/pull/673
* More complete removal of Python2 code by ericwb in https://github.com/PyCQA/bandit/pull/674
* Small syntax and formatting cleanup by ericwb in https://github.com/PyCQA/bandit/pull/676
* Updates to address docstring code scan issues, add flake8 configuration by asears in https://github.com/PyCQA/bandit/pull/671
* More cleanup of license headers by ericwb in https://github.com/PyCQA/bandit/pull/679
* Replace http with https URLs by ericwb in https://github.com/PyCQA/bandit/pull/680
* Add default labels to issues by ericwb in https://github.com/PyCQA/bandit/pull/681
* Prevent creation of blank issues by ericwb in https://github.com/PyCQA/bandit/pull/682
* Include the line number when using HTML output format by aludwin1 in https://github.com/PyCQA/bandit/pull/683
* Add support for Python 3.9 by ericwb in https://github.com/PyCQA/bandit/pull/650
* Add numeric options for severity and confidence by nathanstocking in https://github.com/PyCQA/bandit/pull/702
* 694 Bandit fails when using importlib with named arguments by maciejstromich in https://github.com/PyCQA/bandit/pull/701
* Add license to package installation metadata by RobbeSneyders in https://github.com/PyCQA/bandit/pull/705
* Mock part of python 3.x by ericwb in https://github.com/PyCQA/bandit/pull/685
* Remove statement about Py3 by ericwb in https://github.com/PyCQA/bandit/pull/713
* Use new issue template format by ericwb in https://github.com/PyCQA/bandit/pull/717
* Fix syntax error in bug report by ericwb in https://github.com/PyCQA/bandit/pull/718
* Remove steps in reproduce section by ericwb in https://github.com/PyCQA/bandit/pull/719
* Fix syntax errors in bug report by ericwb in https://github.com/PyCQA/bandit/pull/720
* document that random.choices() isn't secure either by taybin in https://github.com/PyCQA/bandit/pull/728
* PEP-518 support: configure bandit via pyproject.toml by orsinium in https://github.com/PyCQA/bandit/pull/401
* Always use a Loader in yaml.load by ericwb in https://github.com/PyCQA/bandit/pull/745
* fix reading initial values from .bandit by alipqb in https://github.com/PyCQA/bandit/pull/722

New Contributors
* Brcrwilliams made their first contribution in https://github.com/PyCQA/bandit/pull/364
* jdufresne made their first contribution in https://github.com/PyCQA/bandit/pull/670
* tonybaloney made their first contribution in https://github.com/PyCQA/bandit/pull/618
* asears made their first contribution in https://github.com/PyCQA/bandit/pull/671
* aludwin1 made their first contribution in https://github.com/PyCQA/bandit/pull/683
* nathanstocking made their first contribution in https://github.com/PyCQA/bandit/pull/702
* RobbeSneyders made their first contribution in https://github.com/PyCQA/bandit/pull/705
* taybin made their first contribution in https://github.com/PyCQA/bandit/pull/728
* orsinium made their first contribution in https://github.com/PyCQA/bandit/pull/401
* alipqb made their first contribution in https://github.com/PyCQA/bandit/pull/722

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1

1.7.0

What's Changed
* Use GitHub Action badge for build by ericwb in https://github.com/PyCQA/bandit/pull/651
* Remove universal support on the wheel by ericwb in https://github.com/PyCQA/bandit/pull/655
* Give some tips on how to resolve B101 in the doc by xuhdev in https://github.com/PyCQA/bandit/pull/616
* Remove blacklist call to input() by ericwb in https://github.com/PyCQA/bandit/pull/662
* Create CODEOWNERS by ericwb in https://github.com/PyCQA/bandit/pull/661

New Contributors
* xuhdev made their first contribution in https://github.com/PyCQA/bandit/pull/616

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.6.3...1.7.0

1.6.3

What's Changed
* Replace setattr by tylerwince in https://github.com/PyCQA/bandit/pull/493
* Fix 3.8 errors by tylerwince in https://github.com/PyCQA/bandit/pull/509
* get_url returns different urls calling twice (bug 506) by ehooo in https://github.com/PyCQA/bandit/pull/507
* fix B603 docstring by graingert in https://github.com/PyCQA/bandit/pull/524
* --exit-zero option by maciejstromich in https://github.com/PyCQA/bandit/pull/510
* fix the documentation file README.rst  by MrDolev in https://github.com/PyCQA/bandit/pull/533
* Cleanup comments after 510 by florczakraf in https://github.com/PyCQA/bandit/pull/532
* Update test requirements to latest versions by ericwb in https://github.com/PyCQA/bandit/pull/535
* Remove obsolete "sudo" keyword. by jugmac00 in https://github.com/PyCQA/bandit/pull/538
* Remove unused bindep.txt file by ericwb in https://github.com/PyCQA/bandit/pull/539
* Revert "Revert "Update python documentation links for version 3 counterparts"" by ericwb in https://github.com/PyCQA/bandit/pull/540
* Add several ini options for .bandit file by vuolter in https://github.com/PyCQA/bandit/pull/508
* Add type checking to name node of hashlib_new by teeann in https://github.com/PyCQA/bandit/pull/516
* Add more missing ini options by ericwb in https://github.com/PyCQA/bandit/pull/541
* Add shelve to the pickle blacklists by auscompgeek in https://github.com/PyCQA/bandit/pull/542
* Fix readme file on Extending Bandit on list things by MrDolev in https://github.com/PyCQA/bandit/pull/534
* Add official support of Python 3.8 by ericwb in https://github.com/PyCQA/bandit/pull/547
* update README to add info about badge by zachvalenta in https://github.com/PyCQA/bandit/pull/482
* Fix docs for B610,B611,B703 by amacfie in https://github.com/PyCQA/bandit/pull/555
* Use SPDX license identifier instead of bulky headers by ericwb in https://github.com/PyCQA/bandit/pull/530
* Add a section explaining "nosec" by exhuma in https://github.com/PyCQA/bandit/pull/554
* replace 'then' with 'than' by pwoolvett in https://github.com/PyCQA/bandit/pull/557
* Add sha1 to the list of insecure hashes by ericwb in https://github.com/PyCQA/bandit/pull/561
* Use GitHub Actions to run CI by ericwb in https://github.com/PyCQA/bandit/pull/565
* Ignore common directories by default by ericwb in https://github.com/PyCQA/bandit/pull/544
* Add push and pull request to GH Action trigger by ericwb in https://github.com/PyCQA/bandit/pull/567
* Add contributing file by Glyphack in https://github.com/PyCQA/bandit/pull/572
* Fix contributing typo by Glyphack in https://github.com/PyCQA/bandit/pull/582
* [DOC] Support python3 venv creation by look4regev in https://github.com/PyCQA/bandit/pull/583
* Cleanup some typos in recent contributor guide by ericwb in https://github.com/PyCQA/bandit/pull/585
* Fix colorama not being disabled after being used by adambenali in https://github.com/PyCQA/bandit/pull/586
* Fix typo for activating venv by bavedarnow in https://github.com/PyCQA/bandit/pull/590
* Bump pyyaml by dosisod in https://github.com/PyCQA/bandit/pull/588
* Update CODE_OF_CONDUCT.md by ericwb in https://github.com/PyCQA/bandit/pull/591
* Resolve 'NoneType' object has no attribute 'id'Traceback in django_mark_safe by ehooo in https://github.com/PyCQA/bandit/pull/598
* [FIX] blacklist: fix typo in import_ftplib by Yenthe666 in https://github.com/PyCQA/bandit/pull/601
* Add release notes project URL by scop in https://github.com/PyCQA/bandit/pull/610
* Drop Python2 build, test, and install by ericwb in https://github.com/PyCQA/bandit/pull/615
* Fix  noqa rendering in docs by DrGFreeman in https://github.com/PyCQA/bandit/pull/645
* Don't show progress information on --quiet by fniessink in https://github.com/PyCQA/bandit/pull/641
* Add skip configuration to assert_used by wilbertom in https://github.com/PyCQA/bandit/pull/633
* GitHub Action to publish to Test PyPI by ericwb in https://github.com/PyCQA/bandit/pull/652
* Add workflow to publish to PyPI by ericwb in https://github.com/PyCQA/bandit/pull/653

New Contributors
* graingert made their first contribution in https://github.com/PyCQA/bandit/pull/524
* MrDolev made their first contribution in https://github.com/PyCQA/bandit/pull/533
* florczakraf made their first contribution in https://github.com/PyCQA/bandit/pull/532
* jugmac00 made their first contribution in https://github.com/PyCQA/bandit/pull/538
* vuolter made their first contribution in https://github.com/PyCQA/bandit/pull/508
* teeann made their first contribution in https://github.com/PyCQA/bandit/pull/516
* auscompgeek made their first contribution in https://github.com/PyCQA/bandit/pull/542
* zachvalenta made their first contribution in https://github.com/PyCQA/bandit/pull/482
* amacfie made their first contribution in https://github.com/PyCQA/bandit/pull/555
* exhuma made their first contribution in https://github.com/PyCQA/bandit/pull/554
* pwoolvett made their first contribution in https://github.com/PyCQA/bandit/pull/557
* Glyphack made their first contribution in https://github.com/PyCQA/bandit/pull/572
* look4regev made their first contribution in https://github.com/PyCQA/bandit/pull/583
* adambenali made their first contribution in https://github.com/PyCQA/bandit/pull/586
* bavedarnow made their first contribution in https://github.com/PyCQA/bandit/pull/590
* dosisod made their first contribution in https://github.com/PyCQA/bandit/pull/588
* Yenthe666 made their first contribution in https://github.com/PyCQA/bandit/pull/601
* scop made their first contribution in https://github.com/PyCQA/bandit/pull/610
* DrGFreeman made their first contribution in https://github.com/PyCQA/bandit/pull/645
* fniessink made their first contribution in https://github.com/PyCQA/bandit/pull/641
* wilbertom made their first contribution in https://github.com/PyCQA/bandit/pull/633

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3
Links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant