Releases: PyCQA/bandit
1.8.6
What's Changed
- Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @dependabot in #1279
- Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot in #1278
- added hint to FreeBSD package in doc/source/integrations.rst by @daniel-mohr in #1282
- Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @dependabot in #1284
- Huggingface revision pinning by @lukehinds in #1281
New Contributors
- @daniel-mohr made their first contribution in #1282
Full Changelog: 1.8.5...1.8.6
1.8.5
1.8.4
What's Changed
- Add more random functions to B311 check by @aripollak in #1235
- Metadata: rename classifier to classifiers by @ericwb in #1237
- Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by @dependabot in #1239
- Bump docker/build-push-action from 6.13.0 to 6.14.0 by @dependabot in #1238
- Bump docker/build-push-action from 6.14.0 to 6.15.0 by @dependabot in #1240
- Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @dependabot in #1241
- Bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot in #1245
- Bump bandit version in bug template by @ericwb in #1247
- Fix traceback from trojansource plugin by @ericwb in #1248
- Ensure the man page is built by @ericwb in #1257
- Update documentation to cover --severity-level and --confidence-level by @bmos in #1254
- Use license property in lieu of classifier by @ericwb in #1259
- Fix up some of the warnings when building docs by @ericwb in #1258
- Add a doc describing various integrations by @ericwb in #1253
- Use ubuntu latest for readthedocs build by @ericwb in #1260
- Bump docker/build-push-action from 6.15.0 to 6.16.0 by @dependabot in #1261
- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in #1262
- Remove etc from list of temp paths by @ericwb in #1263
- Bump docker/build-push-action from 6.16.0 to 6.17.0 by @dependabot in #1265
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1266
- Bump docker/build-push-action from 6.17.0 to 6.18.0 by @dependabot in #1268
- add github-actions documentation by @Killpit in #1172
New Contributors
- @aripollak made their first contribution in #1235
- @bmos made their first contribution in #1254
- @Killpit made their first contribution in #1172
Full Changelog: 1.8.3...1.8.4
1.8.3
What's Changed
- Bump docker/build-push-action from 6.10.0 to 6.11.0 by @dependabot in #1220
- Bump docker/build-push-action from 6.11.0 to 6.12.0 by @dependabot in #1221
- Bump docker/build-push-action from 6.12.0 to 6.13.0 by @dependabot in #1222
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1229
- Update bug template to include latest released versions by @ericwb in #1218
- Add markupsafe.Markup XSS plugin by @Daverball in #1225
- Warn not error on a nonexistent test given by @ericwb in #1230
- Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @dependabot in #1233
- Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @dependabot in #1234
- B107: Skip None values in hardcoded password detection by @lukehinds in #1232
- Pytorch fix by @lukehinds in #1231
New Contributors
- @Daverball made their first contribution in #1225
Full Changelog: 1.8.2...1.8.3
1.8.2
1.8.1
What's Changed
- Bump docker/build-push-action from 6.9.0 to 6.10.0 by @dependabot in #1209
- Update the bug template with latest bandit version by @ericwb in #1208
- Add Mercedes-Benz to sponsor list by @ericwb in #1210
- Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @dependabot in #1211
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1213
- Start testing with 3.14 alphas by @ericwb in #1189
- Remove lxml (B320 & B410) from blacklist by @djbrown in #1212
- Clarify "getting started" docs by @Flimm in #963
Full Changelog: 1.8.0...1.8.1
1.8.0
What's Changed
- Bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in #1178
- Rename doc file to match proper bandit ID by @ericwb in #1183
- Removal of Python 3.8 support by @ericwb in #1174
- Add more insecure cryptography cipher algorithms by @ericwb in #1185
- Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in #1186
- Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #1187
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1162
- No need to check httpx client without timeout defined by @ericwb in #1177
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1191
- Mark Python 3.13 as officially supported by @ericwb in #1192
- Update project urls with added links by @ericwb in #1193
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1196
- Add a JSON to seek funding from the FLOSS/fund by @ericwb in #1194
- Remove Sentry as a sponsor by @ericwb in #1198
- Remove more leftover OpenStack references by @ericwb in #1195
Full Changelog: 1.7.10...1.8.0
1.7.10
What's Changed
- Bump docker/build-push-action from 5.4.0 to 6.0.0 by @dependabot in #1147
- Suggested small refactors in assignments by @ericwb in #1150
- Performance improvement in blacklist function by @ericwb in #1148
- Add test for usage of FTP_TLS by @ericwb in #1149
- New check: B113: TrojanSource - Bidirectional control characters by @Lucas-C in #757
- Bump docker/build-push-action from 6.0.0 to 6.1.0 by @dependabot in #1152
- feat(plugins): add support for httpx in B113 by @mkniewallner in #1060
- Nit: remove unused variable by @ericwb in #1153
- Add recent releases to version choice in bug report by @ericwb in #1151
- Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in #1155
- Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in #1157
- Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #1156
- Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in #1158
- Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #1159
- Bump docker/build-push-action from 6.3.0 to 6.5.0 by @dependabot in #1160
- Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in #1163
- Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in #1166
- Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #1165
- Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in #1168
- Use consistent file naming of docs by @ericwb in #1170
- Pytorch Load / Save Plugin by @lukehinds in #1114
Full Changelog: 1.7.9...1.7.10
1.7.9
What's Changed
- Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #1117
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1119
- New logo for Bandit based on raccoon by @ericwb in #1121
- Start testing on Python 3.13 by @ericwb in #1122
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #1123
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in #1124
- Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #1125
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1126
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1127
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in #1130
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1131
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1132
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1133
- Updates banner logo so it renders well in dark mode by @ericwb in #1134
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1135
- Add a sponsor section to README by @ericwb in #1137
- Ensure sarif extra is included as part of doc build by @ericwb in #1139
- Bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #1142
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1143
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1145
- Guard against empty call argument list by @ericwb in #1146
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by @dependabot in #1144
- Support configfile in .bandit file by @bersbersbers in #1052
New Contributors
- @pre-commit-ci made their first contribution in #1119
- @bersbersbers made their first contribution in #1052
Full Changelog: 1.7.8...1.7.9
1.7.8
What's Changed
- Incorrect tag naming in readme by @lukehinds in #1105
- Utilize PyPI's trusted publishing by @ericwb in #1107
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #1109
- Add 1.7.7 to versions of bug template by @ericwb in #1110
- Use datetime to avoid updating copyright year by @ericwb in #1112
- filter data is safe for tarfile extractall by @etienneschalk in #1111
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #1115
- [B605] Add functions that are vulnerable to shell injection. by @shihai1991 in #1116
- Add a SARIF output formatter by @ericwb in #1113
New Contributors
- @etienneschalk made their first contribution in #1111
- @shihai1991 made their first contribution in #1116
Full Changelog: 1.7.7...1.7.8