- Convert to libalternatives on SLE-16-based and newer systems only
- Fix tests with libalternatives
- Update to 1.8.6
* Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @dependabot in (#1279)
* Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot in (#1278)
* Added hint to FreeBSD package in doc/source/integrations.rst by @daniel-mohr in (#1282)
* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @dependabot in (#1284)
* Huggingface revision pinning by @lukehinds in (#1281)
- Update to 1.8.5
* Fix the rendering of the CI/CD doc (#1274)
* Fix for publish to PyPI failure (#1273)
- from version 1.8.4
* Add more random functions to B311 check (#1235)
* Metadata: rename classifier to classifiers (#1237)
* Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#1239)
* Bump docker/build-push-action from 6.13.0 to 6.14.0 (#1238)
* Bump docker/build-push-action from 6.14.0 to 6.15.0 (#1240)
* Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#1241)
* Bump docker/login-action from 3.3.0 to 3.4.0 (#1245)
* Bump bandit version in bug template (#1247)
* Fix traceback from trojansource plugin (#1248)
* Ensure the man page is built (#1257)
* Update documentation to cover `--severity-level` and `--confidence-level` (#1254)
* Use license property in lieu of classifier (#1259)
* Fix up some of the warnings when building docs (#1258)
* Add a doc describing various integrations (#1253)
* Use ubuntu latest for readthedocs build (#1260)
* Bump docker/build-push-action from 6.15.0 to 6.16.0 (#1261)
* Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#1262)
* Remove etc from list of temp paths (#1263)
* Bump docker/build-push-action from 6.16.0 to 6.17.0 (#1265)
* [pre-commit.ci] pre-commit autoupdate (#1266)
* Bump docker/build-push-action from 6.17.0 to 6.18.0 (#1268)
* Add github-actions documentation (#1172)
- Add bandit manpage to %files section
- Convert to libalternatives
OBS-URL: https://build.opensuse.org/request/show/1302232
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-bandit?expand=0&rev=18
- Update to 1.8.5
* Fix the rendering of the CI/CD doc (#1274)
* Fix for publish to PyPI failure (#1273)
- from version 1.8.4
* Add more random functions to B311 check (#1235)
* Metadata: rename classifier to classifiers (#1237)
* Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#1239)
* Bump docker/build-push-action from 6.13.0 to 6.14.0 (#1238)
* Bump docker/build-push-action from 6.14.0 to 6.15.0 (#1240)
* Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#1241)
* Bump docker/login-action from 3.3.0 to 3.4.0 (#1245)
* Bump bandit version in bug template (#1247)
* Fix traceback from trojansource plugin (#1248)
* Ensure the man page is built (#1257)
* Update documentation to cover `--severity-level` and `--confidence-level` (#1254)
* Use license property in lieu of classifier (#1259)
* Fix up some of the warnings when building docs (#1258)
* Add a doc describing various integrations (#1253)
* Use ubuntu latest for readthedocs build (#1260)
* Bump docker/build-push-action from 6.15.0 to 6.16.0 (#1261)
* Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#1262)
* Remove etc from list of temp paths (#1263)
* Bump docker/build-push-action from 6.16.0 to 6.17.0 (#1265)
* [pre-commit.ci] pre-commit autoupdate (#1266)
* Bump docker/build-push-action from 6.17.0 to 6.18.0 (#1268)
* Add github-actions documentation (#1172)
- Add bandit manpage to %files section
OBS-URL: https://build.opensuse.org/request/show/1288495
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=40
- Update to 1.8.3
* Bump docker/build-push-action from 6.10.0 to 6.11.0 (#1220)
* Bump docker/build-push-action from 6.11.0 to 6.12.0 (#1221)
* Bump docker/build-push-action from 6.12.0 to 6.13.0 (#1222)
* [pre-commit.ci] pre-commit autoupdate (#1229)
* Update bug template to include latest released versions (#1218)
* Add markupsafe.Markup XSS plugin (#1225)
* Warn not error on a nonexistent test given (#1230)
* Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#1233)
* Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#1234)
* B107: Skip None values in hardcoded password detection (#1232)
* Pytorch fix (#1231)
OBS-URL: https://build.opensuse.org/request/show/1248080
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=37
- update to 1.8.2:
* Clarify "getting started" docs (#963)
* Remove lxml (B320 & B410) from blacklist (#1212)
* Add Mercedes-Benz to sponsor list (#1210)
* Remove more leftover OpenStack references (#1195)
* Remove Sentry as a sponsor (#1198)
* Add a JSON to seek funding from the FLOSS/fund (#1194)
* Update project urls with added links (#1193)
* Mark Python 3.13 as officially supported (#1192)
* No need to check httpx client without timeout defined (#1177)
* Add more insecure cryptography cipher algorithms (#1185)
* Removal of Python 3.8 support (#1174)
* Rename doc file to match proper bandit ID (#1183)
* Replace setattr (#493) @tylerwince
- cli tool, don't build with multiple python versions
OBS-URL: https://build.opensuse.org/request/show/1242593
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-bandit?expand=0&rev=16
* Clarify "getting started" docs (#963)
* Remove lxml (B320 & B410) from blacklist (#1212)
* Add Mercedes-Benz to sponsor list (#1210)
* Remove more leftover OpenStack references (#1195)
* Remove Sentry as a sponsor (#1198)
* Add a JSON to seek funding from the FLOSS/fund (#1194)
* Update project urls with added links (#1193)
* Mark Python 3.13 as officially supported (#1192)
* No need to check httpx client without timeout defined (#1177)
* Add more insecure cryptography cipher algorithms (#1185)
* Removal of Python 3.8 support (#1174)
* Rename doc file to match proper bandit ID (#1183)
* Replace setattr (#493) @tylerwince
- cli tool, don't build with multiple python versions
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=35
- Add missing BRs and establish Requires according to pyproject.toml.
- Update to 1.7.10
* Bump docker/build-push-action from 5.4.0 to 6.0.0
* Suggested small refactors in assignments
* Performance improvement in blacklist function
* Add test for usage of FTP_TLS
* New check: B113: TrojanSource - Bidirectional control characters
* Bump docker/build-push-action from 6.0.0 to 6.1.0
* feat(plugins): add support for httpx in B113
* Nit: remove unused variable
* Add recent releases to version choice in bug report
* Bump docker/build-push-action from 6.1.0 to 6.2.0
* Bump docker/build-push-action from 6.2.0 to 6.3.0
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
* Bump docker/login-action from 3.2.0 to 3.3.0
* Bump docker/build-push-action from 6.3.0 to 6.5.0
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
* Bump docker/build-push-action from 6.5.0 to 6.6.1
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
* Bump docker/build-push-action from 6.6.1 to 6.7.0
* Use consistent file naming of docs
* Pytorch Load / Save Plugin
- from version 1.7.9
* Bump docker/build-push-action from 5.1.0 to 5.2.0
* [pre-commit.ci] pre-commit autoupdate
* New logo for Bandit based on raccoon
* Start testing on Python 3.13
* Bump docker/build-push-action from 5.2.0 to 5.3.0
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
* Bump docker/login-action from 3.0.0 to 3.1.0
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
* [pre-commit.ci] pre-commit autoupdate
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0
* [pre-commit.ci] pre-commit autoupdate
* Updates banner logo so it renders well in dark mode
* [pre-commit.ci] pre-commit autoupdate
* Add a sponsor section to README
* Ensure sarif extra is included as part of doc build
* Bump docker/login-action from 3.1.0 to 3.2.0
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] pre-commit autoupdate
* Guard against empty call argument list
* Bump docker/build-push-action from 5.3.0 to 5.4.0
* Support configfile in .bandit file
- from version 1.7.8
* Incorrect tag naming in readme
* Utilize PyPI's trusted publishing
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
* Add 1.7.7 to versions of bug template
* Use datetime to avoid updating copyright year
* filter data is safe for tarfile extractall
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
* [B605] Add functions that are vulnerable to shell injection
* Add a SARIF output formatter
- from version 1.7.7
* Add the new release to bandit versions of bug template
* Bump actions/setup-python from 4 to 5
* Handle variant in how policy is passed in paramiko
* Flag str.replace as possible sql injection
* defusedxml: Show correct module name
* Add tidelift to the sponsor funding list
* Create a security policy
* Fix up issues found running Bandit on itself
* Add random.randbytes to blacklist calls
* Prepend ./ for files specified as CLI args
* Rework GitPython dependency to be an extra for bandit-baseline
* Bump actions/dependency-review-action from 3 to 4
* Introduce Official Bandit Images
* Remove markdown formatting in reStructuredText formatted README
* Downsize the org:repo name by
- Refresh remove-non-test-deps.patch
- Use Python 3.11 on SLE-15 by default
- Switch build system from setuptools to pyproject.toml
* Add python-pip and python-wheel to BuildRequires
* Replace %python_build with %pyproject_wheel
* Replace %python_install with %pyproject_install
OBS-URL: https://build.opensuse.org/request/show/1223777
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-bandit?expand=0&rev=15
- Update to 1.7.10
* Bump docker/build-push-action from 5.4.0 to 6.0.0
* Suggested small refactors in assignments
* Performance improvement in blacklist function
* Add test for usage of FTP_TLS
* New check: B113: TrojanSource - Bidirectional control characters
* Bump docker/build-push-action from 6.0.0 to 6.1.0
* feat(plugins): add support for httpx in B113
* Nit: remove unused variable
* Add recent releases to version choice in bug report
* Bump docker/build-push-action from 6.1.0 to 6.2.0
* Bump docker/build-push-action from 6.2.0 to 6.3.0
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
* Bump docker/login-action from 3.2.0 to 3.3.0
* Bump docker/build-push-action from 6.3.0 to 6.5.0
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
* Bump docker/build-push-action from 6.5.0 to 6.6.1
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
* Bump docker/build-push-action from 6.6.1 to 6.7.0
* Use consistent file naming of docs
* Pytorch Load / Save Plugin
- from version 1.7.9
* Bump docker/build-push-action from 5.1.0 to 5.2.0
* [pre-commit.ci] pre-commit autoupdate
* New logo for Bandit based on raccoon
* Start testing on Python 3.13
* Bump docker/build-push-action from 5.2.0 to 5.3.0
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
* Bump docker/login-action from 3.0.0 to 3.1.0
OBS-URL: https://build.opensuse.org/request/show/1222690
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=31