- update to 1.7.5:

* Added a bit more \`project\_urls\` * Check for github action updates monthly * Improve handling nosec for multi-line strings * Improve detecting SQL injections in f-strings * Correct build status badge in README * Fix breaking build due to new tox * DOC: Add explanation on how to use pre-commit with config file * Add official Python 3.11 support * remove py2 exec example in docs * Typo fix * [docs] Mention \`exclude\_dirs\` option available in TOML and YAML * Fix AttributeError on detect of tuple assign condition * Fix json and yaml formatters to respect num lines * Fixup some invalid pickle testing * Pass correct number of arguments to match the \`%s\` placeholders. * Remove python 2 reference in docs * Fix filename of B202 in docs * weak\_cryptographic\_key assumes positional arg * Check for deprecated TLS 1.1 * Adding tarfile.extractall() plugin with examples * Fix issue #453 jinja2 template select\_autoescape when using jinja2.select\_autoescape * Fix a false positive condition yaml\_load * Add case for global exec * Docs for request without timeout has dead link * Blacklist pandas read\_pickle and add functional test for it OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bandit?expand=0&rev=25
2023-07-24 20:24:10 +00:00
parent 58e5430d73
commit d71939e9e2
5 changed files with 88 additions and 9 deletions
--- a/bandit-1.7.4.tar.gz
+++ b/bandit-1.7.4.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2d63a8c573417bae338962d4b9b06fbc6080f74ecd955a092849e1e65c717bd2
-size 495104
--- a/bandit-1.7.5.tar.gz
+++ b/bandit-1.7.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bdfc739baa03b880c2d15d0431b31c658ffc348e907fe197e54e0389dd59e11e
+size 1970878
--- a/python-bandit.changes
+++ b/python-bandit.changes
@@ -1,3 +1,82 @@
+-------------------------------------------------------------------
+Mon Jul 24 20:22:50 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.7.5:
+  * Added a bit more \`project\_urls\`
+  * Check for github action updates monthly
+  * Improve handling nosec for multi-line strings
+  * Improve detecting SQL injections in f-strings
+  * Correct build status badge in README
+  * Fix breaking build due to new tox
+  * DOC: Add explanation on how to use pre-commit with config
+    file
+  * Add official Python 3.11 support
+  * remove py2 exec example in docs
+  * Typo fix
+  * [docs] Mention \`exclude\_dirs\` option available in TOML and
+    YAML
+  * Fix AttributeError on detect of tuple assign condition
+  * Fix json and yaml formatters to respect num lines
+  * Fixup some invalid pickle testing
+  * Pass correct number of arguments to match the \`%s\`
+    placeholders.
+  * Remove python 2 reference in docs
+  * Fix filename of B202 in docs
+  * weak\_cryptographic\_key assumes positional arg
+  * Check for deprecated TLS 1.1
+  * Adding tarfile.extractall() plugin with examples
+  * Fix issue #453 jinja2 template select\_autoescape when using
+    jinja2.select\_autoescape
+  * Fix a false positive condition yaml\_load
+  * Add case for global exec
+  * Docs for request without timeout has dead link
+  * Blacklist pandas read\_pickle and add functional test for it
+  * Enhancement Proposal: Plugin "assert\_used" config-skip
+    snippet
+  * Add end\_col\_offset if available
+  * Fix reading the number argument from config file
+  * add jsonpickle deserialization blacklist
+  * Add some missing curve types
+  * Remove invalid checking on hashlib
+  * Avoid redundant message if debug on
+  * Update version of dependency-review-action
+  * Add releases link in "Version control integration"
+  * Add another bad example of yaml load
+  * Specify semver range for Python 3.11
+  * Make small fixes in docs
+  * Test plugin listing incorrectly pointing b612 to plugin ref
+    of b1022
+  * Close the <b> tag in HTML formatter
+  * Add dependency review action
+  * Update action versions in Actions workflows (#890)
+  * Add Discord link to README
+  * Add myself to sponsor list
+  * Test against Python 3.11
+  * Corrected documentation on configuration
+  * Remove redundant pip line
+  * Removal of ghugo
+  * Adding logging.config.listen() plugin with examples
+  * Add a Discord link to the docs
+  * Add request for feedback via 👍
+  * Remove redundant word Bandit in titles of sections
+  * Add license and contributing links to docs
+  * Fix for build breaks in format job
+  * add check for "requests" calls without timeout
+  * Fix up B109 and B111 removed plugins docs
+  * Replace \`toml\` with \`tomli\`
+  * Make use of rich for the progress bar
+  * Add doc for hashlib plugin
+  * Add the httpx module check for verify
+  * Indiciate hash type in message
+  * Remove blacklist call check for os.tempnam
+  * Removal of blacklist call B309 httpsconnection
+  * Add classifier to indicate Py3 only
+  * Fix line range using Python 3.8 end\_lineno
+  * Group location line with code output
+  * Use a constant for weak hashes
+  * Bad link to screen shot
+  * Add an example screen shot of Bandit to README
+
 -------------------------------------------------------------------
 Thu Oct 27 11:16:40 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>

--- a/python-bandit.spec
+++ b/python-bandit.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-bandit
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
 %define pythons python3
 %bcond_without  builddocs
 Name:           python-bandit
-Version:        1.7.4
+Version:        1.7.5
 Release:        0
 Summary:        Security oriented static analyser for Python code
 License:        Apache-2.0
--- a/remove-non-test-deps.patch
+++ b/remove-non-test-deps.patch
@@ -1,7 +1,7 @@
-Index: bandit-1.7.2/test-requirements.txt
+Index: bandit-1.7.5/test-requirements.txt
 ===================================================================
--- bandit-1.7.2.orig/test-requirements.txt
-+++ bandit-1.7.2/test-requirements.txt
+--- bandit-1.7.5.orig/test-requirements.txt
+++ bandit-1.7.5/test-requirements.txt
@@ -1,12 +1,9 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
@@ -12,6 +12,6 @@ Index: bandit-1.7.2/test-requirements.txt
 stestr>=2.5.0 # Apache-2.0
 testscenarios>=0.5.0 # Apache-2.0/BSD
 testtools>=2.3.0 # MIT
- toml # MIT
+ tomli>=1.1.0;python_version<"3.11" # MIT
 beautifulsoup4>=4.8.0 # MIT
 -pylint==1.9.4 # GPLv2