forked from pool/python-bandit
Accepting request 1222690 from home:glaubitz:branches:devel:languages:python
- Update to 1.7.10 * Bump docker/build-push-action from 5.4.0 to 6.0.0 * Suggested small refactors in assignments * Performance improvement in blacklist function * Add test for usage of FTP_TLS * New check: B113: TrojanSource - Bidirectional control characters * Bump docker/build-push-action from 6.0.0 to 6.1.0 * feat(plugins): add support for httpx in B113 * Nit: remove unused variable * Add recent releases to version choice in bug report * Bump docker/build-push-action from 6.1.0 to 6.2.0 * Bump docker/build-push-action from 6.2.0 to 6.3.0 * Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 * Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 * Bump docker/login-action from 3.2.0 to 3.3.0 * Bump docker/build-push-action from 6.3.0 to 6.5.0 * Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 * Bump docker/build-push-action from 6.5.0 to 6.6.1 * Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 * Bump docker/build-push-action from 6.6.1 to 6.7.0 * Use consistent file naming of docs * Pytorch Load / Save Plugin - from version 1.7.9 * Bump docker/build-push-action from 5.1.0 to 5.2.0 * [pre-commit.ci] pre-commit autoupdate * New logo for Bandit based on raccoon * Start testing on Python 3.13 * Bump docker/build-push-action from 5.2.0 to 5.3.0 * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 * Bump docker/login-action from 3.0.0 to 3.1.0 OBS-URL: https://build.opensuse.org/request/show/1222690 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=31
This commit is contained in:
Git OBS Bridge
3
bandit-1.7.10.tar.gz
Normal file
3
bandit-1.7.10.tar.gz
Normal file
@@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:59ed5caf5d92b6ada4bf65bc6437feea4a9da1093384445fed4d472acc6cff7b
|
||||
size 4228540
|
||||
@@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:72ce7bc9741374d96fb2f1c9a8960829885f1243ffde743de70a19cee353e8f3
|
||||
size 1977532
|
||||
@@ -1,3 +1,85 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 8 09:21:01 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to 1.7.10
|
||||
* Bump docker/build-push-action from 5.4.0 to 6.0.0
|
||||
* Suggested small refactors in assignments
|
||||
* Performance improvement in blacklist function
|
||||
* Add test for usage of FTP_TLS
|
||||
* New check: B113: TrojanSource - Bidirectional control characters
|
||||
* Bump docker/build-push-action from 6.0.0 to 6.1.0
|
||||
* feat(plugins): add support for httpx in B113
|
||||
* Nit: remove unused variable
|
||||
* Add recent releases to version choice in bug report
|
||||
* Bump docker/build-push-action from 6.1.0 to 6.2.0
|
||||
* Bump docker/build-push-action from 6.2.0 to 6.3.0
|
||||
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
|
||||
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
|
||||
* Bump docker/login-action from 3.2.0 to 3.3.0
|
||||
* Bump docker/build-push-action from 6.3.0 to 6.5.0
|
||||
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
|
||||
* Bump docker/build-push-action from 6.5.0 to 6.6.1
|
||||
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
|
||||
* Bump docker/build-push-action from 6.6.1 to 6.7.0
|
||||
* Use consistent file naming of docs
|
||||
* Pytorch Load / Save Plugin
|
||||
- from version 1.7.9
|
||||
* Bump docker/build-push-action from 5.1.0 to 5.2.0
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* New logo for Bandit based on raccoon
|
||||
* Start testing on Python 3.13
|
||||
* Bump docker/build-push-action from 5.2.0 to 5.3.0
|
||||
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
|
||||
* Bump docker/login-action from 3.0.0 to 3.1.0
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* Updates banner logo so it renders well in dark mode
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* Add a sponsor section to README
|
||||
* Ensure sarif extra is included as part of doc build
|
||||
* Bump docker/login-action from 3.1.0 to 3.2.0
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* [pre-commit.ci] pre-commit autoupdate
|
||||
* Guard against empty call argument list
|
||||
* Bump docker/build-push-action from 5.3.0 to 5.4.0
|
||||
* Support configfile in .bandit file
|
||||
- from version 1.7.8
|
||||
* Incorrect tag naming in readme
|
||||
* Utilize PyPI's trusted publishing
|
||||
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
|
||||
* Add 1.7.7 to versions of bug template
|
||||
* Use datetime to avoid updating copyright year
|
||||
* filter data is safe for tarfile extractall
|
||||
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
|
||||
* [B605] Add functions that are vulnerable to shell injection
|
||||
* Add a SARIF output formatter
|
||||
- from version 1.7.7
|
||||
* Add the new release to bandit versions of bug template
|
||||
* Bump actions/setup-python from 4 to 5
|
||||
* Handle variant in how policy is passed in paramiko
|
||||
* Flag str.replace as possible sql injection
|
||||
* defusedxml: Show correct module name
|
||||
* Add tidelift to the sponsor funding list
|
||||
* Create a security policy
|
||||
* Fix up issues found running Bandit on itself
|
||||
* Add random.randbytes to blacklist calls
|
||||
* Prepend ./ for files specified as CLI args
|
||||
* Rework GitPython dependency to be an extra for bandit-baseline
|
||||
* Bump actions/dependency-review-action from 3 to 4
|
||||
* Introduce Official Bandit Images
|
||||
* Remove markdown formatting in reStructuredText formatted README
|
||||
* Downsize the org:repo name by
|
||||
- Refresh remove-non-test-deps.patch
|
||||
- Use Python 3.11 on SLE-15 by default
|
||||
- Switch build system from setuptools to pyproject.toml
|
||||
* Add python-pip and python-wheel to BuildRequires
|
||||
* Replace %python_build with %pyproject_wheel
|
||||
* Replace %python_install with %pyproject_install
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 14 09:15:32 UTC 2023 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package python-bandit
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -15,7 +15,7 @@
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%{?sle15_python_module_pythons}
|
||||
%global flavor @BUILD_FLAVOR@%{nil}
|
||||
%if "%{flavor}" == "test"
|
||||
%define psuffix -test
|
||||
@@ -28,13 +28,15 @@
|
||||
%define pythons python3
|
||||
%bcond_without builddocs
|
||||
Name: python-bandit
|
||||
Version: 1.7.6
|
||||
Version: 1.7.10
|
||||
Release: 0
|
||||
Summary: Security oriented static analyser for Python code
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/PyCQA/bandit
|
||||
Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz
|
||||
Patch0: remove-non-test-deps.patch
|
||||
BuildRequires: %{python_module pip}
|
||||
BuildRequires: %{python_module wheel}
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros
|
||||
Requires: python-GitPython >= 1.0.1
|
||||
@@ -82,12 +84,12 @@ sed -i '/^#!/d' bandit/__main__.py
|
||||
|
||||
%if !%{with test}
|
||||
%build
|
||||
%python_build
|
||||
%pyproject_wheel
|
||||
%endif
|
||||
|
||||
%if !%{with test}
|
||||
%install
|
||||
%python_install
|
||||
%pyproject_install
|
||||
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||
%python_clone -a %{buildroot}%{_bindir}/bandit
|
||||
%python_clone -a %{buildroot}%{_bindir}/bandit-config-generator
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
Index: bandit-1.7.5/test-requirements.txt
|
||||
===================================================================
|
||||
--- bandit-1.7.5.orig/test-requirements.txt
|
||||
+++ bandit-1.7.5/test-requirements.txt
|
||||
@@ -1,12 +1,9 @@
|
||||
diff -Nru bandit-1.7.10.orig/test-requirements.txt bandit-1.7.10/test-requirements.txt
|
||||
--- bandit-1.7.10.orig/test-requirements.txt 2024-09-23 17:33:25.000000000 +0000
|
||||
+++ bandit-1.7.10/test-requirements.txt 2024-11-08 09:03:23.050061631 +0000
|
||||
@@ -1,11 +1,8 @@
|
||||
# The order of packages is significant, because pip processes them in the order
|
||||
# of appearance. Changing the order has an impact on the overall integration
|
||||
# process, which may cause wedges in the gate later.
|
||||
@@ -12,6 +11,5 @@ Index: bandit-1.7.5/test-requirements.txt
|
||||
stestr>=2.5.0 # Apache-2.0
|
||||
testscenarios>=0.5.0 # Apache-2.0/BSD
|
||||
testtools>=2.3.0 # MIT
|
||||
tomli>=1.1.0;python_version<"3.11" # MIT
|
||||
beautifulsoup4>=4.8.0 # MIT
|
||||
-pylint==1.9.4 # GPLv2
|
||||
|
||||
Reference in New Issue
Block a user