From d71939e9e2d58b039f4197b65f28bbf199b736bc8f4becc7bb49b5fdfe4ee889 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 24 Jul 2023 20:24:10 +0000 Subject: [PATCH] - update to 1.7.5: * Added a bit more \`project\_urls\` * Check for github action updates monthly * Improve handling nosec for multi-line strings * Improve detecting SQL injections in f-strings * Correct build status badge in README * Fix breaking build due to new tox * DOC: Add explanation on how to use pre-commit with config file * Add official Python 3.11 support * remove py2 exec example in docs * Typo fix * [docs] Mention \`exclude\_dirs\` option available in TOML and YAML * Fix AttributeError on detect of tuple assign condition * Fix json and yaml formatters to respect num lines * Fixup some invalid pickle testing * Pass correct number of arguments to match the \`%s\` placeholders. * Remove python 2 reference in docs * Fix filename of B202 in docs * weak\_cryptographic\_key assumes positional arg * Check for deprecated TLS 1.1 * Adding tarfile.extractall() plugin with examples * Fix issue #453 jinja2 template select\_autoescape when using jinja2.select\_autoescape * Fix a false positive condition yaml\_load * Add case for global exec * Docs for request without timeout has dead link * Blacklist pandas read\_pickle and add functional test for it OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=25 --- bandit-1.7.4.tar.gz | 3 -- bandit-1.7.5.tar.gz | 3 ++ python-bandit.changes | 79 ++++++++++++++++++++++++++++++++++++++ python-bandit.spec | 4 +- remove-non-test-deps.patch | 8 ++-- 5 files changed, 88 insertions(+), 9 deletions(-) delete mode 100644 bandit-1.7.4.tar.gz create mode 100644 bandit-1.7.5.tar.gz diff --git a/bandit-1.7.4.tar.gz b/bandit-1.7.4.tar.gz deleted file mode 100644 index ebaeac8..0000000 --- a/bandit-1.7.4.tar.gz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2d63a8c573417bae338962d4b9b06fbc6080f74ecd955a092849e1e65c717bd2 -size 495104 diff --git a/bandit-1.7.5.tar.gz b/bandit-1.7.5.tar.gz new file mode 100644 index 0000000..5f093cd --- /dev/null +++ b/bandit-1.7.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bdfc739baa03b880c2d15d0431b31c658ffc348e907fe197e54e0389dd59e11e +size 1970878 diff --git a/python-bandit.changes b/python-bandit.changes index 04e012b..7fb0e33 100644 --- a/python-bandit.changes +++ b/python-bandit.changes 
@@ -1,3 +1,82 @@ +------------------------------------------------------------------- +Mon Jul 24 20:22:50 UTC 2023 - Dirk Müller + +- update to 1.7.5: + * Added a bit more \`project\_urls\` + * Check for github action updates monthly + * Improve handling nosec for multi-line strings + * Improve detecting SQL injections in f-strings + * Correct build status badge in README + * Fix breaking build due to new tox + * DOC: Add explanation on how to use pre-commit with config + file + * Add official Python 3.11 support + * remove py2 exec example in docs + * Typo fix + * [docs] Mention \`exclude\_dirs\` option available in TOML and + YAML + * Fix AttributeError on detect of tuple assign condition + * Fix json and yaml formatters to respect num lines + * Fixup some invalid pickle testing + * Pass correct number of arguments to match the \`%s\` + placeholders. + * Remove python 2 reference in docs + * Fix filename of B202 in docs + * weak\_cryptographic\_key assumes positional arg + * Check for deprecated TLS 1.1 + * Adding tarfile.extractall() plugin with examples + * Fix issue #453 jinja2 template select\_autoescape when using + jinja2.select\_autoescape + * Fix a false positive condition yaml\_load + * Add case for global exec + * Docs for request without timeout has dead link + * Blacklist pandas read\_pickle and add functional test for it + * Enhancement Proposal: Plugin "assert\_used" config-skip + snippet + * Add end\_col\_offset if available + * Fix reading the number argument from config file + * add jsonpickle deserialization blacklist + * Add some missing curve types + * Remove invalid checking on hashlib + * Avoid redundant message if debug on + * Update version of dependency-review-action + * Add releases link in "Version control integration" + * Add another bad example of yaml load + * Specify semver range for Python 3.11 + * Make small fixes in docs + * Test plugin listing incorrectly pointing b612 to plugin ref + of b1022 + * Close the tag in HTML 
formatter + * Add dependency review action + * Update action versions in Actions workflows (#890) + * Add Discord link to README + * Add myself to sponsor list + * Test against Python 3.11 + * Corrected documentation on configuration + * Remove redundant pip line + * Removal of ghugo + * Adding logging.config.listen() plugin with examples + * Add a Discord link to the docs + * Add request for feedback via 👍 + * Remove redundant word Bandit in titles of sections + * Add license and contributing links to docs + * Fix for build breaks in format job + * add check for "requests" calls without timeout + * Fix up B109 and B111 removed plugins docs + * Replace \`toml\` with \`tomli\` + * Make use of rich for the progress bar + * Add doc for hashlib plugin + * Add the httpx module check for verify + * Indiciate hash type in message + * Remove blacklist call check for os.tempnam + * Removal of blacklist call B309 httpsconnection + * Add classifier to indicate Py3 only + * Fix line range using Python 3.8 end\_lineno + * Group location line with code output + * Use a constant for weak hashes + * Bad link to screen shot + * Add an example screen shot of Bandit to README + ------------------------------------------------------------------- Thu Oct 27 11:16:40 UTC 2022 - Daniel Garcia diff --git a/python-bandit.spec b/python-bandit.spec index 2bbfd9e..43bc2e6 100644 --- a/python-bandit.spec +++ b/python-bandit.spec @@ -1,7 +1,7 @@ # # spec file for package python-bandit # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define pythons python3 %bcond_without builddocs Name: python-bandit -Version: 1.7.4 +Version: 1.7.5 Release: 0 Summary: Security oriented static analyser for Python code License: Apache-2.0 
diff --git a/remove-non-test-deps.patch b/remove-non-test-deps.patch index cda9c58..52b09df 100644 --- a/remove-non-test-deps.patch +++ b/remove-non-test-deps.patch @@ -1,7 +1,7 @@ -Index: bandit-1.7.2/test-requirements.txt +Index: bandit-1.7.5/test-requirements.txt =================================================================== ---- bandit-1.7.2.orig/test-requirements.txt -+++ bandit-1.7.2/test-requirements.txt +--- bandit-1.7.5.orig/test-requirements.txt ++++ bandit-1.7.5/test-requirements.txt @@ -1,12 +1,9 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration @@ -12,6 +12,6 @@ Index: bandit-1.7.2/test-requirements.txt stestr>=2.5.0 # Apache-2.0 testscenarios>=0.5.0 # Apache-2.0/BSD testtools>=2.3.0 # MIT - toml # MIT + tomli>=1.1.0;python_version<"3.11" # MIT beautifulsoup4>=4.8.0 # MIT -pylint==1.9.4 # GPLv2
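Review bot: in the two LFS pointer hunks, the new bandit-1.7.5.tar.gz pointer records size 1970878 against 495104 for the deleted 1.7.4 tarball, roughly a fourfold jump for a point release; before this is accepted, the sha256 oid in the new pointer should be compared with the checksum upstream publishes for the 1.7.5 sdist so the archive's provenance is verified rather than assumed.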
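Review bot: the python-bandit.changes hunk is considerably longer than the changelog in the commit message, which stops at "Blacklist pandas read_pickle" while the .changes entry continues with some forty more items (jsonpickle blacklist, httpx verify check, requests-without-timeout check, logging.config.listen() plugin, rich progress bar, toml to tomli); either the commit message should say it is abridged or the two lists should agree. Several of those items are new or changed detectors (tarfile.extractall(), TLS 1.1, requests timeout, jsonpickle, pandas read_pickle), so downstream CI pipelines running bandit will surface new findings after this update, which is worth one line in the entry. The "Indiciate" typo is copied from upstream's release notes.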
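Review bot: the python-bandit.spec hunk only bumps Version to 1.7.5 and the copyright year, yet the changelog in the same commit says upstream now uses rich for the progress bar and replaced toml with tomli; the Requires and BuildRequires lines (outside this hunk) should be checked so that python-rich is declared and python-toml is dropped in favour of python-tomli, otherwise the package builds against a requirements set that no longer matches upstream.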
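Review bot: in the remove-non-test-deps.patch hunk the refreshed context line `+ tomli>=1.1.0;python_version<"3.11" # MIT` carries an environment marker, and the changelog states 1.7.5 officially supports Python 3.11; since the spec uses `%define pythons python3`, the matching tomli dependency in the spec should either carry the same version guard or be declared unconditionally, so that the build does not behave differently depending on which python3 flavour is present. The Index: and ---/+++ path updates from bandit-1.7.2 to bandit-1.7.5 are otherwise a straightforward refresh.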