Bump bandit[toml] from 1.7.4 to 1.7.5 #27

dependabot · 2023-05-10T12:11:11Z

Bumps bandit[toml] from 1.7.4 to 1.7.5.

Release notes

1.7.5

What's Changed

Add an example screen shot of Bandit to README by @ericwb in PyCQA/bandit#847

Bad link to screen shot by @ericwb in PyCQA/bandit#848

Use a constant for weak hashes by @ericwb in PyCQA/bandit#850

Group location line with code output by @ericwb in PyCQA/bandit#822

Fix line range using Python 3.8 end_lineno by @ericwb in PyCQA/bandit#821

Add classifier to indicate Py3 only by @ericwb in PyCQA/bandit#853

Removal of blacklist call B309 httpsconnection by @ericwb in PyCQA/bandit#858

Remove blacklist call check for os.tempnam by @ericwb in PyCQA/bandit#859

Indiciate hash type in message by @ericwb in PyCQA/bandit#860

Add the httpx module check for verify by @ericwb in PyCQA/bandit#861

Add doc for hashlib plugin by @ericwb in PyCQA/bandit#862

Make use of rich for progress bar by @ericwb in PyCQA/bandit#863

Replace toml with tomli by @mkniewallner in PyCQA/bandit#829

Fix up B109 and B111 removed plugins docs by @ericwb in PyCQA/bandit#864

add check for "requests" calls without timeout by @mschfh in PyCQA/bandit#743

Fix for build breaks in format job by @ericwb in PyCQA/bandit#869

Add license and contributing links to docs by @ericwb in PyCQA/bandit#867

Remove redundant word Bandit in titles of sections by @ericwb in PyCQA/bandit#873

Add request for feedback via 👍 by @ericwb in PyCQA/bandit#871

Add a Discord link to the docs by @ericwb in PyCQA/bandit#870

Adding logging.config.listen() plugin with examples by @raj3shp in PyCQA/bandit#874

Removal of ghugo by @ericwb in PyCQA/bandit#881

Remove redundant pip line by @ericwb in PyCQA/bandit#884

Corrected documentation on configuration by @a-takahashi223 in PyCQA/bandit#868

Start testing against Python 3.11 by @mkniewallner in PyCQA/bandit#887

Add myself to sponsor list by @ericwb in PyCQA/bandit#885

Add Discord link to README by @ericwb in PyCQA/bandit#875

Update action versions in Actions workflows (#890) by @mportesdev in PyCQA/bandit#893

Add dependency review action by @ericwb in PyCQA/bandit#891

Fix an unclosed tag in HTML formatter by @mportesdev in PyCQA/bandit#896

'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @rajaramsrn in PyCQA/bandit#897

Make small fixes in docs by @mportesdev in PyCQA/bandit#899

Specify semver range for Python 3.11 by @mportesdev in PyCQA/bandit#901

Add another bad example of yaml load by @ericwb in PyCQA/bandit#905

Add releases link in "Version control integration" by @travisjungroth in PyCQA/bandit#909

Update version of dependency-review-action by @mportesdev in PyCQA/bandit#911

Avoid redundant message if debug on by @ericwb in PyCQA/bandit#913

Remove invalid checking on hashlib by @ericwb in PyCQA/bandit#914

Add some missing curve types by @ericwb in PyCQA/bandit#920

add jsonpickle deserialization blacklist by @SugarP1g in PyCQA/bandit#707

Fix reading the number argument from config file by @KAUTH in PyCQA/bandit#923

Add end_col_offset if available by @ericwb in PyCQA/bandit#851

Enhancement Proposal: Plugin "assert_used" config-skip snippet by @marianomartinelli in PyCQA/bandit#695

Blacklist pandas read_pickle and add functional test for it by @jaspersival in PyCQA/bandit#710

Docs for request without timeout has dead link by @ericwb in PyCQA/bandit#925

Add case for global exec by @tonybaloney in PyCQA/bandit#570

Fix a false positive condition yaml_load by @ericwb in PyCQA/bandit#927

Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape by @kinow in PyCQA/bandit#454

... (truncated)

Commits

ca4faf2 Added a bit more project_urls (#985)
d87faed Check for github action updates monthly (#989)
72fa5a7 Improve handling nosec for multi-line strings (#915)
7e6f580 Improve detecting SQL injections in f-strings (#917)
fe1361f Correct build status badge in README (#980)
a762993 Fix breaking build due to new tox (#983)
91c4d97 DOC: Add explanation on how to use pre-commit with config file (#968)
d9fe642 Add official Python 3.11 support (#964)
3aaa2b0 remove py2 exec example in docs (#947)
a743858 Typo fix (#945)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

codecov · 2023-05-10T12:17:39Z

Codecov Report

Patch and project coverage have no change.

Comparison is base (52d0416) 93.33% compared to head (cf9cc92) 93.33%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #27   +/-   ##
=======================================
  Coverage   93.33%   93.33%           
=======================================
  Files           1        1           
  Lines          15       15           
=======================================
  Hits           14       14           
  Misses          1        1

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

Bumps [bandit[toml]](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.7.4...1.7.5) --- updated-dependencies: - dependency-name: bandit[toml] dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 10, 2023

dependabot bot force-pushed the dependabot/pip/bandit-toml--1.7.5 branch from 33b2133 to cf9cc92 Compare May 10, 2023 12:21

tugrulates merged commit 612083a into main May 10, 2023

tugrulates deleted the dependabot/pip/bandit-toml--1.7.5 branch May 10, 2023 12:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump bandit[toml] from 1.7.4 to 1.7.5 #27

Bump bandit[toml] from 1.7.4 to 1.7.5 #27

Uh oh!

dependabot bot commented on behalf of github May 10, 2023 •

edited

Loading

Uh oh!

codecov bot commented May 10, 2023 •

edited

Loading

Uh oh!

Uh oh!

Bump bandit[toml] from 1.7.4 to 1.7.5 #27

Bump bandit[toml] from 1.7.4 to 1.7.5 #27

Uh oh!

Conversation

dependabot bot commented on behalf of github May 10, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.7.5

What's Changed

Uh oh!

codecov bot commented May 10, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

dependabot bot commented on behalf of github May 10, 2023 •

edited

Loading

codecov bot commented May 10, 2023 •

edited

Loading