From 9a89229beadf71dba56c80e30addbcd694f26c2f6215ec186e45cdff88efbd05 Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Tue, 12 Nov 2024 01:12:53 +0000
Subject: [PATCH] Accepting request 1222690 from home:glaubitz:branches:devel:languages:python

- Update to 1.7.10
  * Bump docker/build-push-action from 5.4.0 to 6.0.0
  * Suggested small refactors in assignments
  * Performance improvement in blacklist function
  * Add test for usage of FTP_TLS
  * New check: B113: TrojanSource - Bidirectional control characters
  * Bump docker/build-push-action from 6.0.0 to 6.1.0
  * feat(plugins): add support for httpx in B113
  * Nit: remove unused variable
  * Add recent releases to version choice in bug report
  * Bump docker/build-push-action from 6.1.0 to 6.2.0
  * Bump docker/build-push-action from 6.2.0 to 6.3.0
  * Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
  * Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
  * Bump docker/login-action from 3.2.0 to 3.3.0
  * Bump docker/build-push-action from 6.3.0 to 6.5.0
  * Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
  * Bump docker/build-push-action from 6.5.0 to 6.6.1
  * Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
  * Bump docker/build-push-action from 6.6.1 to 6.7.0
  * Use consistent file naming of docs
  * Pytorch Load / Save Plugin
- from version 1.7.9
  * Bump docker/build-push-action from 5.1.0 to 5.2.0
  * [pre-commit.ci] pre-commit autoupdate
  * New logo for Bandit based on raccoon
  * Start testing on Python 3.13
  * Bump docker/build-push-action from 5.2.0 to 5.3.0
  * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
  * Bump docker/login-action from 3.0.0 to 3.1.0

OBS-URL: https://build.opensuse.org/request/show/1222690
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=31
---
 bandit-1.7.10.tar.gz       |  3 ++
 bandit-1.7.6.tar.gz        |  3 --
 python-bandit.changes      | 82 ++++++++++++++++++++++++++++++++++++++
 python-bandit.spec         | 12 +++---
 remove-non-test-deps.patch | 10 ++---
 5 files changed, 96 insertions(+), 14 deletions(-)
 create mode 100644 bandit-1.7.10.tar.gz
 delete mode 100644 bandit-1.7.6.tar.gz
diff --git a/bandit-1.7.10.tar.gz b/bandit-1.7.10.tar.gz new file mode 100644 index 0000000..28907c6 --- /dev/null +++ b/bandit-1.7.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:59ed5caf5d92b6ada4bf65bc6437feea4a9da1093384445fed4d472acc6cff7b +size 4228540 diff --git a/bandit-1.7.6.tar.gz b/bandit-1.7.6.tar.gz deleted file mode 100644 index 2728ff4..0000000 --- a/bandit-1.7.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:72ce7bc9741374d96fb2f1c9a8960829885f1243ffde743de70a19cee353e8f3 -size 1977532 diff --git a/python-bandit.changes b/python-bandit.changes index d01e374..ba0d045 100644 --- a/python-bandit.changes +++ b/python-bandit.changes 
@@ -1,3 +1,85 @@ +------------------------------------------------------------------- +Fri Nov 8 09:21:01 UTC 2024 - John Paul Adrian Glaubitz + +- Update to 1.7.10 + * Bump docker/build-push-action from 5.4.0 to 6.0.0 + * Suggested small refactors in assignments + * Performance improvement in blacklist function + * Add test for usage of FTP_TLS + * New check: B113: TrojanSource - Bidirectional control characters + * Bump docker/build-push-action from 6.0.0 to 6.1.0 + * feat(plugins): add support for httpx in B113 + * Nit: remove unused variable + * Add recent releases to version choice in bug report + * Bump docker/build-push-action from 6.1.0 to 6.2.0 + * Bump docker/build-push-action from 6.2.0 to 6.3.0 + * Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 + * Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 + * Bump docker/login-action from 3.2.0 to 3.3.0 + * Bump docker/build-push-action from 6.3.0 to 6.5.0 + * Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 + * Bump docker/build-push-action from 6.5.0 to 6.6.1 + * Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 + * Bump docker/build-push-action from 6.6.1 to 6.7.0 + * Use consistent file naming of docs + * Pytorch Load / Save Plugin +- from version 1.7.9 + * Bump docker/build-push-action from 5.1.0 to 5.2.0 + * [pre-commit.ci] pre-commit autoupdate + * New logo for Bandit based on raccoon + * Start testing on Python 3.13 + * Bump docker/build-push-action from 5.2.0 to 5.3.0 + * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 + * Bump docker/login-action from 3.0.0 to 3.1.0 + * [pre-commit.ci] pre-commit autoupdate + * [pre-commit.ci] pre-commit autoupdate + * Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 + * [pre-commit.ci] pre-commit autoupdate + * Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 + * [pre-commit.ci] pre-commit autoupdate + * Updates banner logo so it renders well in dark mode + * [pre-commit.ci] pre-commit autoupdate + * Add a sponsor section to README + * Ensure 
sarif extra is included as part of doc build + * Bump docker/login-action from 3.1.0 to 3.2.0 + * [pre-commit.ci] pre-commit autoupdate + * [pre-commit.ci] pre-commit autoupdate + * Guard against empty call argument list + * Bump docker/build-push-action from 5.3.0 to 5.4.0 + * Support configfile in .bandit file +- from version 1.7.8 + * Incorrect tag naming in readme + * Utilize PyPI's trusted publishing + * Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 + * Add 1.7.7 to versions of bug template + * Use datetime to avoid updating copyright year + * filter data is safe for tarfile extractall + * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 + * [B605] Add functions that are vulnerable to shell injection + * Add a SARIF output formatter +- from version 1.7.7 + * Add the new release to bandit versions of bug template + * Bump actions/setup-python from 4 to 5 + * Handle variant in how policy is passed in paramiko + * Flag str.replace as possible sql injection + * defusedxml: Show correct module name + * Add tidelift to the sponsor funding list + * Create a security policy + * Fix up issues found running Bandit on itself + * Add random.randbytes to blacklist calls + * Prepend ./ for files specified as CLI args + * Rework GitPython dependency to be an extra for bandit-baseline + * Bump actions/dependency-review-action from 3 to 4 + * Introduce Official Bandit Images + * Remove markdown formatting in reStructuredText formatted README + * Downsize the org:repo name by +- Refresh remove-non-test-deps.patch +- Use Python 3.11 on SLE-15 by default +- Switch build system from setuptools to pyproject.toml + * Add python-pip and python-wheel to BuildRequires + * Replace %python_build with %pyproject_wheel + * Replace %python_install with %pyproject_install + ------------------------------------------------------------------- Thu Dec 14 09:15:32 UTC 2023 - Petr Gajdos diff --git a/python-bandit.spec b/python-bandit.spec index b90de66..1d5b4ca 100644 
--- a/python-bandit.spec +++ b/python-bandit.spec @@ -1,7 +1,7 @@ # # spec file for package python-bandit # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # - +%{?sle15_python_module_pythons} %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "test" %define psuffix -test @@ -28,13 +28,15 @@ %define pythons python3 %bcond_without builddocs Name: python-bandit -Version: 1.7.6 +Version: 1.7.10 Release: 0 Summary: Security oriented static analyser for Python code License: Apache-2.0 URL: https://github.com/PyCQA/bandit Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz Patch0: remove-non-test-deps.patch +BuildRequires: %{python_module pip} +BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros Requires: python-GitPython >= 1.0.1 @@ -82,12 +84,12 @@ sed -i '/^#!/d' bandit/__main__.py %if !%{with test} %build -%python_build +%pyproject_wheel %endif %if !%{with test} %install -%python_install +%pyproject_install %python_expand %fdupes %{buildroot}%{$python_sitelib} %python_clone -a %{buildroot}%{_bindir}/bandit %python_clone -a %{buildroot}%{_bindir}/bandit-config-generator diff --git a/remove-non-test-deps.patch b/remove-non-test-deps.patch index 52b09df..b873b9c 100644 --- a/remove-non-test-deps.patch +++ b/remove-non-test-deps.patch 
@@ -1,8 +1,7 @@ -Index: bandit-1.7.5/test-requirements.txt -=================================================================== ---- bandit-1.7.5.orig/test-requirements.txt -+++ bandit-1.7.5/test-requirements.txt -@@ -1,12 +1,9 @@ +diff -Nru bandit-1.7.10.orig/test-requirements.txt bandit-1.7.10/test-requirements.txt +--- bandit-1.7.10.orig/test-requirements.txt 2024-09-23 17:33:25.000000000 +0000 ++++ bandit-1.7.10/test-requirements.txt 2024-11-08 09:03:23.050061631 +0000 +@@ -1,11 +1,8 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. @@ -12,6 +11,5 @@ Index: bandit-1.7.5/test-requirements.txt stestr>=2.5.0 # Apache-2.0 testscenarios>=0.5.0 # Apache-2.0/BSD testtools>=2.3.0 # MIT - tomli>=1.1.0;python_version<"3.11" # MIT beautifulsoup4>=4.8.0 # MIT -pylint==1.9.4 # GPLv2
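Review bot: the new LFS pointer for bandit-1.7.10.tar.gz records size 4228540 against 1977532 for the 1.7.6 tarball it replaces, more than double across four point releases, and nothing in the request shows the sdist being checked against upstream. Before accepting, confirm that sha256 59ed5caf5d92b6ada4bf65bc6437feea4a9da1093384445fed4d472acc6cff7b matches the bandit-1.7.10.tar.gz served from the Source URL in the spec (files.pythonhosted.org), and that the growth is accounted for by upstream content (the changelog mentions a new logo and doc changes) rather than stray build artefacts in the archive.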
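Review bot: the changelog entry `* Downsize the org:repo name by` in the 1.7.7 block is cut off mid-sentence; complete or drop it. The rest of the python-bandit.changes hunk copies upstream commit subjects verbatim, including some twenty `Bump docker/...` and `[pre-commit.ci]` lines that describe upstream's CI and mean nothing for the RPM; trimming the entry to what a user of the package notices (new check B113, the SARIF formatter, the extra B605 shell-injection functions, the tarfile extractall filter, GitPython becoming an extra) would keep the packaging-relevant lines at the end (patch refresh, Python 3.11 on SLE-15, the pyproject build switch) from being buried.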
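Review bot: the python-bandit.spec hunk keeps `Requires: python-GitPython >= 1.0.1` as a hard dependency, yet the changelog in this same request records `Rework GitPython dependency to be an extra for bandit-baseline` under 1.7.7, so upstream no longer needs it for the `bandit` command itself; consider demoting it to Recommends, or tying it to the bandit-baseline script only, so the main package stops pulling in GitPython and git. The switch from `%python_build`/`%python_install` to `%pyproject_wheel`/`%pyproject_install` adds BuildRequires for pip and wheel only; check that whatever build backend upstream's pyproject.toml names is also listed, since OBS builds run without network access and a missing backend only surfaces at %build. The `%{?sle15_python_module_pythons}` line replacing the blank line after the licence header and the copyright year bump are fine.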
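Review bot: the refreshed remove-non-test-deps.patch drops the `tomli>=1.1.0;python_version<"3.11"` context line and moves the inner hunk range from `-1,12 +1,9` to `-1,11 +1,8`, which is consistent with upstream having removed tomli from test-requirements.txt while the patch still strips the same three lines (`pylint==1.9.4` visibly among them); the refresh itself looks correct. Two nits: the new `diff -Nru` header embeds a build-host timestamp (`2024-11-08 09:03:23.050061631 +0000`) that will churn on every refresh and carries no information, and the patch still has no description saying why these dependencies are removed while stestr, testscenarios and testtools stay; a one-line header comment above the `diff` line would spare the next person who refreshes it from guessing.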