python/python-bandit
SHA256
14
0
Fork 0
forked from pool/python-bandit
Code Pull Requests Activity

Accepting request 1222690 from home:glaubitz:branches:devel:languages:python

Browse Source 
- Update to 1.7.10
  * Bump docker/build-push-action from 5.4.0 to 6.0.0
  * Suggested small refactors in assignments
  * Performance improvement in blacklist function
  * Add test for usage of FTP_TLS
  * New check: B113: TrojanSource - Bidirectional control characters
  * Bump docker/build-push-action from 6.0.0 to 6.1.0
  * feat(plugins): add support for httpx in B113
  * Nit: remove unused variable
  * Add recent releases to version choice in bug report
  * Bump docker/build-push-action from 6.1.0 to 6.2.0
  * Bump docker/build-push-action from 6.2.0 to 6.3.0
  * Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
  * Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
  * Bump docker/login-action from 3.2.0 to 3.3.0
  * Bump docker/build-push-action from 6.3.0 to 6.5.0
  * Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
  * Bump docker/build-push-action from 6.5.0 to 6.6.1
  * Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
  * Bump docker/build-push-action from 6.6.1 to 6.7.0
  * Use consistent file naming of docs
  * Pytorch Load / Save Plugin
- from version 1.7.9
  * Bump docker/build-push-action from 5.1.0 to 5.2.0
  * [pre-commit.ci] pre-commit autoupdate
  * New logo for Bandit based on raccoon
  * Start testing on Python 3.13
  * Bump docker/build-push-action from 5.2.0 to 5.3.0
  * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
  * Bump docker/login-action from 3.0.0 to 3.1.0

OBS-URL: https://build.opensuse.org/request/show/1222690
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=31
This commit is contained in:
Matej Cepl
2024-11-12 01:12:53 +00:00
committed by Git OBS Bridge
parent 8bba013141
commit 9a89229bea
5 changed files with 96 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bandit-1.7.10.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:59ed5caf5d92b6ada4bf65bc6437feea4a9da1093384445fed4d472acc6cff7b
size 4228540

3
bandit-1.7.6.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:72ce7bc9741374d96fb2f1c9a8960829885f1243ffde743de70a19cee353e8f3
size 1977532

82
python-bandit.changes
View File

@@ -1,3 +1,85 @@
-------------------------------------------------------------------
Fri Nov 8 09:21:01 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 1.7.10
* Bump docker/build-push-action from 5.4.0 to 6.0.0
* Suggested small refactors in assignments
* Performance improvement in blacklist function
* Add test for usage of FTP_TLS
* New check: B113: TrojanSource - Bidirectional control characters
* Bump docker/build-push-action from 6.0.0 to 6.1.0
* feat(plugins): add support for httpx in B113
* Nit: remove unused variable
* Add recent releases to version choice in bug report
* Bump docker/build-push-action from 6.1.0 to 6.2.0
* Bump docker/build-push-action from 6.2.0 to 6.3.0
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
* Bump docker/login-action from 3.2.0 to 3.3.0
* Bump docker/build-push-action from 6.3.0 to 6.5.0
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
* Bump docker/build-push-action from 6.5.0 to 6.6.1
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
* Bump docker/build-push-action from 6.6.1 to 6.7.0
* Use consistent file naming of docs
* Pytorch Load / Save Plugin
- from version 1.7.9
* Bump docker/build-push-action from 5.1.0 to 5.2.0
* [pre-commit.ci] pre-commit autoupdate
* New logo for Bandit based on raccoon
* Start testing on Python 3.13
* Bump docker/build-push-action from 5.2.0 to 5.3.0
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
* Bump docker/login-action from 3.0.0 to 3.1.0
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
* [pre-commit.ci] pre-commit autoupdate
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0
* [pre-commit.ci] pre-commit autoupdate
* Updates banner logo so it renders well in dark mode
* [pre-commit.ci] pre-commit autoupdate
* Add a sponsor section to README
* Ensure sarif extra is included as part of doc build
* Bump docker/login-action from 3.1.0 to 3.2.0
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] pre-commit autoupdate
* Guard against empty call argument list
* Bump docker/build-push-action from 5.3.0 to 5.4.0
* Support configfile in .bandit file
- from version 1.7.8
* Incorrect tag naming in readme
* Utilize PyPI's trusted publishing
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
* Add 1.7.7 to versions of bug template
* Use datetime to avoid updating copyright year
* filter data is safe for tarfile extractall
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
* [B605] Add functions that are vulnerable to shell injection
* Add a SARIF output formatter
- from version 1.7.7
* Add the new release to bandit versions of bug template
* Bump actions/setup-python from 4 to 5
* Handle variant in how policy is passed in paramiko
* Flag str.replace as possible sql injection
* defusedxml: Show correct module name
* Add tidelift to the sponsor funding list
* Create a security policy
* Fix up issues found running Bandit on itself
* Add random.randbytes to blacklist calls
* Prepend ./ for files specified as CLI args
* Rework GitPython dependency to be an extra for bandit-baseline
* Bump actions/dependency-review-action from 3 to 4
* Introduce Official Bandit Images
* Remove markdown formatting in reStructuredText formatted README
* Downsize the org:repo name by
- Refresh remove-non-test-deps.patch
- Use Python 3.11 on SLE-15 by default
- Switch build system from setuptools to pyproject.toml
* Add python-pip and python-wheel to BuildRequires
* Replace %python_build with %pyproject_wheel
* Replace %python_install with %pyproject_install
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 14 09:15:32 UTC 2023 - Petr Gajdos <pgajdos@suse.com> Thu Dec 14 09:15:32 UTC 2023 - Petr Gajdos <pgajdos@suse.com>

12
python-bandit.spec
View File

@@ -1,7 +1,7 @@
# #
# spec file for package python-bandit # spec file for package python-bandit
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -15,7 +15,7 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
%{?sle15_python_module_pythons}
%global flavor @BUILD_FLAVOR@%{nil} %global flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "test" %if "%{flavor}" == "test"
%define psuffix -test %define psuffix -test
@@ -28,13 +28,15 @@
%define pythons python3 %define pythons python3
%bcond_without builddocs %bcond_without builddocs
Name: python-bandit Name: python-bandit
Version: 1.7.6 Version: 1.7.10
Release: 0 Release: 0
Summary: Security oriented static analyser for Python code Summary: Security oriented static analyser for Python code
License: Apache-2.0 License: Apache-2.0
URL: https://github.com/PyCQA/bandit URL: https://github.com/PyCQA/bandit
Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz
Patch0: remove-non-test-deps.patch Patch0: remove-non-test-deps.patch
BuildRequires: %{python_module pip}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: python-rpm-macros BuildRequires: python-rpm-macros
Requires: python-GitPython >= 1.0.1 Requires: python-GitPython >= 1.0.1
@@ -82,12 +84,12 @@ sed -i '/^#!/d' bandit/__main__.py
%if !%{with test} %if !%{with test}
%build %build
%python_build %pyproject_wheel
%endif %endif
%if !%{with test} %if !%{with test}
%install %install
%python_install %pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib} %python_expand %fdupes %{buildroot}%{$python_sitelib}
%python_clone -a %{buildroot}%{_bindir}/bandit %python_clone -a %{buildroot}%{_bindir}/bandit
%python_clone -a %{buildroot}%{_bindir}/bandit-config-generator %python_clone -a %{buildroot}%{_bindir}/bandit-config-generator

10
remove-non-test-deps.patch
View File

@@ -1,8 +1,7 @@
Index: bandit-1.7.5/test-requirements.txt diff -Nru bandit-1.7.10.orig/test-requirements.txt bandit-1.7.10/test-requirements.txt
=================================================================== --- bandit-1.7.10.orig/test-requirements.txt 2024-09-23 17:33:25.000000000 +0000
--- bandit-1.7.5.orig/test-requirements.txt +++ bandit-1.7.10/test-requirements.txt 2024-11-08 09:03:23.050061631 +0000
+++ bandit-1.7.5/test-requirements.txt @@ -1,11 +1,8 @@
@@ -1,12 +1,9 @@
# The order of packages is significant, because pip processes them in the order # The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration # of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later. # process, which may cause wedges in the gate later.
@@ -12,6 +11,5 @@ Index: bandit-1.7.5/test-requirements.txt
stestr>=2.5.0 # Apache-2.0 stestr>=2.5.0 # Apache-2.0
testscenarios>=0.5.0 # Apache-2.0/BSD testscenarios>=0.5.0 # Apache-2.0/BSD
testtools>=2.3.0 # MIT testtools>=2.3.0 # MIT
tomli>=1.1.0;python_version<"3.11" # MIT
beautifulsoup4>=4.8.0 # MIT beautifulsoup4>=4.8.0 # MIT
-pylint==1.9.4 # GPLv2 -pylint==1.9.4 # GPLv2