python/python-bandit
SHA256
14
0
Fork 0
forked from pool/python-bandit
Code Pull Requests Activity

- update to 1.7.5:

Browse Source 
* Added a bit more \`project\_urls\`
  * Check for github action updates monthly
  * Improve handling nosec for multi-line strings
  * Improve detecting SQL injections in f-strings
  * Correct build status badge in README
  * Fix breaking build due to new tox
  * DOC: Add explanation on how to use pre-commit with config
    file
  * Add official Python 3.11 support
  * remove py2 exec example in docs
  * Typo fix
  * [docs] Mention \`exclude\_dirs\` option available in TOML and
    YAML
  * Fix AttributeError on detect of tuple assign condition
  * Fix json and yaml formatters to respect num lines
  * Fixup some invalid pickle testing
  * Pass correct number of arguments to match the \`%s\`
    placeholders.
  * Remove python 2 reference in docs
  * Fix filename of B202 in docs
  * weak\_cryptographic\_key assumes positional arg
  * Check for deprecated TLS 1.1
  * Adding tarfile.extractall() plugin with examples
  * Fix issue #453 jinja2 template select\_autoescape when using
    jinja2.select\_autoescape
  * Fix a false positive condition yaml\_load
  * Add case for global exec
  * Docs for request without timeout has dead link
  * Blacklist pandas read\_pickle and add functional test for it

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=25
This commit is contained in:
Dirk Mueller
2023-07-24 20:24:10 +00:00
committed by Git OBS Bridge
parent 58e5430d73
commit d71939e9e2
5 changed files with 88 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bandit-1.7.4.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2d63a8c573417bae338962d4b9b06fbc6080f74ecd955a092849e1e65c717bd2
size 495104

3
bandit-1.7.5.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bdfc739baa03b880c2d15d0431b31c658ffc348e907fe197e54e0389dd59e11e
size 1970878

79
python-bandit.changes
View File

@@ -1,3 +1,82 @@
-------------------------------------------------------------------
Mon Jul 24 20:22:50 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.7.5:
* Added a bit more \`project\_urls\`
* Check for github action updates monthly
* Improve handling nosec for multi-line strings
* Improve detecting SQL injections in f-strings
* Correct build status badge in README
* Fix breaking build due to new tox
* DOC: Add explanation on how to use pre-commit with config
file
* Add official Python 3.11 support
* remove py2 exec example in docs
* Typo fix
* [docs] Mention \`exclude\_dirs\` option available in TOML and
YAML
* Fix AttributeError on detect of tuple assign condition
* Fix json and yaml formatters to respect num lines
* Fixup some invalid pickle testing
* Pass correct number of arguments to match the \`%s\`
placeholders.
* Remove python 2 reference in docs
* Fix filename of B202 in docs
* weak\_cryptographic\_key assumes positional arg
* Check for deprecated TLS 1.1
* Adding tarfile.extractall() plugin with examples
* Fix issue #453 jinja2 template select\_autoescape when using
jinja2.select\_autoescape
* Fix a false positive condition yaml\_load
* Add case for global exec
* Docs for request without timeout has dead link
* Blacklist pandas read\_pickle and add functional test for it
* Enhancement Proposal: Plugin "assert\_used" config-skip
snippet
* Add end\_col\_offset if available
* Fix reading the number argument from config file
* add jsonpickle deserialization blacklist
* Add some missing curve types
* Remove invalid checking on hashlib
* Avoid redundant message if debug on
* Update version of dependency-review-action
* Add releases link in "Version control integration"
* Add another bad example of yaml load
* Specify semver range for Python 3.11
* Make small fixes in docs
* Test plugin listing incorrectly pointing b612 to plugin ref
of b1022
* Close the <b> tag in HTML formatter
* Add dependency review action
* Update action versions in Actions workflows (#890)
* Add Discord link to README
* Add myself to sponsor list
* Test against Python 3.11
* Corrected documentation on configuration
* Remove redundant pip line
* Removal of ghugo
* Adding logging.config.listen() plugin with examples
* Add a Discord link to the docs
* Add request for feedback via 👍
* Remove redundant word Bandit in titles of sections
* Add license and contributing links to docs
* Fix for build breaks in format job
* add check for "requests" calls without timeout
* Fix up B109 and B111 removed plugins docs
* Replace \`toml\` with \`tomli\`
* Make use of rich for the progress bar
* Add doc for hashlib plugin
* Add the httpx module check for verify
* Indiciate hash type in message
* Remove blacklist call check for os.tempnam
* Removal of blacklist call B309 httpsconnection
* Add classifier to indicate Py3 only
* Fix line range using Python 3.8 end\_lineno
* Group location line with code output
* Use a constant for weak hashes
* Bad link to screen shot
* Add an example screen shot of Bandit to README
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 27 11:16:40 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com> Thu Oct 27 11:16:40 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>

4
python-bandit.spec
View File

@@ -1,7 +1,7 @@
# #
# spec file for package python-bandit # spec file for package python-bandit
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
%define pythons python3 %define pythons python3
%bcond_without builddocs %bcond_without builddocs
Name: python-bandit Name: python-bandit
Version: 1.7.4 Version: 1.7.5
Release: 0 Release: 0
Summary: Security oriented static analyser for Python code Summary: Security oriented static analyser for Python code
License: Apache-2.0 License: Apache-2.0

8
remove-non-test-deps.patch
View File

@@ -1,7 +1,7 @@
Index: bandit-1.7.2/test-requirements.txt Index: bandit-1.7.5/test-requirements.txt
=================================================================== ===================================================================
--- bandit-1.7.2.orig/test-requirements.txt --- bandit-1.7.5.orig/test-requirements.txt
+++ bandit-1.7.2/test-requirements.txt +++ bandit-1.7.5/test-requirements.txt
@@ -1,12 +1,9 @@ @@ -1,12 +1,9 @@
# The order of packages is significant, because pip processes them in the order # The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration # of appearance. Changing the order has an impact on the overall integration
@@ -12,6 +12,6 @@ Index: bandit-1.7.2/test-requirements.txt
stestr>=2.5.0 # Apache-2.0 stestr>=2.5.0 # Apache-2.0
testscenarios>=0.5.0 # Apache-2.0/BSD testscenarios>=0.5.0 # Apache-2.0/BSD
testtools>=2.3.0 # MIT testtools>=2.3.0 # MIT
toml # MIT tomli>=1.1.0;python_version<"3.11" # MIT
beautifulsoup4>=4.8.0 # MIT beautifulsoup4>=4.8.0 # MIT
-pylint==1.9.4 # GPLv2 -pylint==1.9.4 # GPLv2