Accepting request 1302232 from devel:languages:python

- Convert to libalternatives on SLE-16-based and newer systems only
- Fix tests with libalternatives
- Update to 1.8.6
  * Bump sigstore/cosign-installer from 3.8.2 to 3.9.0
    by @dependabot in (#1279)
  * Bump docker/setup-buildx-action from 3.10.0 to 3.11.1
    by @dependabot in (#1278)
  * Added hint to FreeBSD package in doc/source/integrations.rst
    by @daniel-mohr in (#1282)
  * Bump sigstore/cosign-installer from 3.9.0 to 3.9.1
    by @dependabot in (#1284)
  * Huggingface revision pinning by @lukehinds in (#1281)
- Update to 1.8.5
  * Fix the rendering of the CI/CD doc (#1274)
  * Fix for publish to PyPI failure (#1273)
- from version 1.8.4
  * Add more random functions to B311 check (#1235)
  * Metadata: rename classifier to classifiers (#1237)
  * Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#1239)
  * Bump docker/build-push-action from 6.13.0 to 6.14.0 (#1238)
  * Bump docker/build-push-action from 6.14.0 to 6.15.0 (#1240)
  * Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#1241)
  * Bump docker/login-action from 3.3.0 to 3.4.0 (#1245)
  * Bump bandit version in bug template (#1247)
  * Fix traceback from trojansource plugin (#1248)
  * Ensure the man page is built (#1257)
  * Update documentation to cover `--severity-level` and `--confidence-level` (#1254)
  * Use license property in lieu of classifier (#1259)
  * Fix up some of the warnings when building docs (#1258)
  * Add a doc describing various integrations (#1253)
  * Use ubuntu latest for readthedocs build (#1260)
  * Bump docker/build-push-action from 6.15.0 to 6.16.0 (#1261)
  * Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#1262)
  * Remove etc from list of temp paths (#1263)
  * Bump docker/build-push-action from 6.16.0 to 6.17.0 (#1265)
  * [pre-commit.ci] pre-commit autoupdate (#1266)
  * Bump docker/build-push-action from 6.17.0 to 6.18.0 (#1268)
  * Add github-actions documentation (#1172)
- Add bandit manpage to %files section
- Convert to libalternatives

OBS-URL: https://build.opensuse.org/request/show/1302232
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-bandit?expand=0&rev=18

bandit-1.7.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:72ce7bc9741374d96fb2f1c9a8960829885f1243ffde743de70a19cee353e8f3
-size 1977532

bandit-1.8.6.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dbfe9c25fc6961c2078593de55fd19f2559f9e45b99f1272341f5b95dea4e56b
+size 4240271

python-bandit.changes

@@ -1,3 +1,179 @@
+-------------------------------------------------------------------
+Mon Sep  1 12:44:09 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Convert to libalternatives on SLE-16-based and newer systems only
+- Fix tests with libalternatives
+
+-------------------------------------------------------------------
+Wed Jul 23 07:18:53 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.8.6
+  * Bump sigstore/cosign-installer from 3.8.2 to 3.9.0
+    by @dependabot in (#1279)
+  * Bump docker/setup-buildx-action from 3.10.0 to 3.11.1
+    by @dependabot in (#1278)
+  * Added hint to FreeBSD package in doc/source/integrations.rst
+    by @daniel-mohr in (#1282)
+  * Bump sigstore/cosign-installer from 3.9.0 to 3.9.1
+    by @dependabot in (#1284)
+  * Huggingface revision pinning by @lukehinds in (#1281)
+
+-------------------------------------------------------------------
+Wed Jun 25 10:03:33 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.8.5
+  * Fix the rendering of the CI/CD doc (#1274)
+  * Fix for publish to PyPI failure (#1273)
+- from version 1.8.4
+  * Add more random functions to B311 check (#1235)
+  * Metadata: rename classifier to classifiers (#1237)
+  * Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#1239)
+  * Bump docker/build-push-action from 6.13.0 to 6.14.0 (#1238)
+  * Bump docker/build-push-action from 6.14.0 to 6.15.0 (#1240)
+  * Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#1241)
+  * Bump docker/login-action from 3.3.0 to 3.4.0 (#1245)
+  * Bump bandit version in bug template (#1247)
+  * Fix traceback from trojansource plugin (#1248)
+  * Ensure the man page is built (#1257)
+  * Update documentation to cover `--severity-level` and `--confidence-level` (#1254)
+  * Use license property in lieu of classifier (#1259)
+  * Fix up some of the warnings when building docs (#1258)
+  * Add a doc describing various integrations (#1253)
+  * Use ubuntu latest for readthedocs build (#1260)
+  * Bump docker/build-push-action from 6.15.0 to 6.16.0 (#1261)
+  * Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#1262)
+  * Remove etc from list of temp paths (#1263)
+  * Bump docker/build-push-action from 6.16.0 to 6.17.0 (#1265)
+  * [pre-commit.ci] pre-commit autoupdate (#1266)
+  * Bump docker/build-push-action from 6.17.0 to 6.18.0 (#1268)
+  * Add github-actions documentation (#1172)
+- Add bandit manpage to %files section
+
+-------------------------------------------------------------------
+Mon Jun 16 14:45:04 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Convert to libalternatives
+
+-------------------------------------------------------------------
+Mon Feb 24 10:23:19 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.8.3
+  * Bump docker/build-push-action from 6.10.0 to 6.11.0 (#1220)
+  * Bump docker/build-push-action from 6.11.0 to 6.12.0 (#1221)
+  * Bump docker/build-push-action from 6.12.0 to 6.13.0 (#1222)
+  * [pre-commit.ci] pre-commit autoupdate (#1229)
+  * Update bug template to include latest released versions (#1218)
+  * Add markupsafe.Markup XSS plugin (#1225)
+  * Warn not error on an nonexistant test given (#1230)
+  * Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#1233)
+  * Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#1234)
+  * B107: Skip None values in hardcoded password detection (#1232)
+  * Pytorch fix (#1231)
+
+-------------------------------------------------------------------
+Mon Feb  3 08:12:34 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.8.2:
+  * Clarify "getting started" docs (#963)
+  * Remove lxml (B320 & B410) from blacklist (#1212)
+  * Add Mercedes-Benz to sponsor list (#1210)
+  * Remove more leftover OpenStack references (#1195)
+  * Remove Sentry as a sponsor (#1198)
+  * Add a JSON to seek funding from the FLOSS/fund (#1194)
+  * Update project urls with added links (#1193)
+  * Mark Python 3.13 as officially supported (#1192)
+  * No need to check httpx client without timeout defined (#1177)
+  * Add more insecure cryptography cipher algorithms (#1185)
+  * Removal of Python 3.8 support (#1174)
+  * Rename doc file to match proper bandit ID (#1183)
+
+-------------------------------------------------------------------
+Tue Nov 12 17:04:57 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Add missing BRs and establish Requires according to pyproject.toml.
+
+-------------------------------------------------------------------
+Fri Nov  8 09:21:01 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.7.10
+  * Bump docker/build-push-action from 5.4.0 to 6.0.0
+  * Suggested small refactors in assignments
+  * Performance improvement in blacklist function
+  * Add test for usage of FTP_TLS
+  * New check: B113: TrojanSource - Bidirectional control characters
+  * Bump docker/build-push-action from 6.0.0 to 6.1.0
+  * feat(plugins): add support for httpx in B113
+  * Nit: remove unused variable
+  * Add recent releases to version choice in bug report
+  * Bump docker/build-push-action from 6.1.0 to 6.2.0
+  * Bump docker/build-push-action from 6.2.0 to 6.3.0
+  * Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
+  * Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
+  * Bump docker/login-action from 3.2.0 to 3.3.0
+  * Bump docker/build-push-action from 6.3.0 to 6.5.0
+  * Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
+  * Bump docker/build-push-action from 6.5.0 to 6.6.1
+  * Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
+  * Bump docker/build-push-action from 6.6.1 to 6.7.0
+  * Use consistent file naming of docs
+  * Pytorch Load / Save Plugin
+- from version 1.7.9
+  * Bump docker/build-push-action from 5.1.0 to 5.2.0
+  * [pre-commit.ci] pre-commit autoupdate
+  * New logo for Bandit based on raccoon
+  * Start testing on Python 3.13
+  * Bump docker/build-push-action from 5.2.0 to 5.3.0
+  * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
+  * Bump docker/login-action from 3.0.0 to 3.1.0
+  * [pre-commit.ci] pre-commit autoupdate
+  * [pre-commit.ci] pre-commit autoupdate
+  * Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
+  * [pre-commit.ci] pre-commit autoupdate
+  * Bump sigstore/cosign-installer from 3.4.0 to 3.5.0
+  * [pre-commit.ci] pre-commit autoupdate
+  * Updates banner logo so it renders well in dark mode
+  * [pre-commit.ci] pre-commit autoupdate
+  * Add a sponsor section to README
+  * Ensure sarif extra is included as part of doc build
+  * Bump docker/login-action from 3.1.0 to 3.2.0
+  * [pre-commit.ci] pre-commit autoupdate
+  * [pre-commit.ci] pre-commit autoupdate
+  * Guard against empty call argument list
+  * Bump docker/build-push-action from 5.3.0 to 5.4.0
+  * Support configfile in .bandit file
+- from version 1.7.8
+  * Incorrect tag naming in readme
+  * Utilize PyPI's trusted publishing
+  * Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
+  * Add 1.7.7 to versions of bug template
+  * Use datetime to avoid updating copyright year
+  * filter data is safe for tarfile extractall
+  * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
+  * [B605] Add functions that are vulnerable to shell injection
+  * Add a SARIF output formatter
+- from version 1.7.7
+  * Add the new release to bandit versions of bug template
+  * Bump actions/setup-python from 4 to 5
+  * Handle variant in how policy is passed in paramiko
+  * Flag str.replace as possible sql injection
+  * defusedxml: Show correct module name
+  * Add tidelift to the sponsor funding list
+  * Create a security policy
+  * Fix up issues found running Bandit on itself
+  * Add random.randbytes to blacklist calls
+  * Prepend ./ for files specified as CLI args
+  * Rework GitPython dependency to be an extra for bandit-baseline
+  * Bump actions/dependency-review-action from 3 to 4
+  * Introduce Official Bandit Images
+  * Remove markdown formatting in reStructuredText formatted README
+  * Downsize the org:repo name by
+- Refresh remove-non-test-deps.patch
+- Use Python 3.11 on SLE-15 by default
+- Switch build system from setuptools to pyproject.toml
+  * Add python-pip and python-wheel to BuildRequires
+  * Replace %python_build with %pyproject_wheel
+  * Replace %python_install with %pyproject_install
+
 -------------------------------------------------------------------
 Thu Dec 14 09:15:32 UTC 2023 - Petr Gajdos <pgajdos@suse.com>
 

python-bandit.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-bandit
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,37 +26,55 @@
 %endif
 # CLI tool, no module
 %define pythons python3
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
 %bcond_without  builddocs
+%{?sle15_python_module_pythons}
 Name:           python-bandit
-Version:        1.7.6
+Version:        1.8.6
 Release:        0
 Summary:        Security oriented static analyser for Python code
 License:        Apache-2.0
 URL:            https://github.com/PyCQA/bandit
 Source:         https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz
 Patch0:         remove-non-test-deps.patch
+BuildRequires:  %{python_module pbr >= 2.0}
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-GitPython >= 1.0.1
 Requires:       python-PyYAML >= 5.3.1
+Requires:       python-jschema-to-python >= 1.2.3
 Requires:       python-rich
+Requires:       python-sarif-om
 Requires:       python-stestr >= 1.0.0
 Requires:       python-stevedore >= 1.20.0
+Requires:       (python-tomli >= 1.2.3 if python-base < 3.11)
+BuildArch:      noarch
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+%endif
 %if %{python_version_nodots} < 311
 Requires:       python-tomli
 %endif
-Requires(post): update-alternatives
-Requires(postun):update-alternatives
-BuildArch:      noarch
 %if %{with test}
 BuildRequires:  %{python_module GitPython >= 1.0.1}
 BuildRequires:  %{python_module PyYAML >= 5.3.1}
 BuildRequires:  %{python_module bandit == %{version}}
 BuildRequires:  %{python_module beautifulsoup4 >= 4.8.0}
 BuildRequires:  %{python_module fixtures >= 3.0.0}
-BuildRequires:  %{python_module pbr >= 2.0}
+BuildRequires:  %{python_module jschema-to-python >= 1.2.3}
 BuildRequires:  %{python_module python-subunit >= 0.0.18}
-BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module sarif-om}
 BuildRequires:  %{python_module stestr >= 2.5.0}
 BuildRequires:  %{python_module stevedore >= 1.20.0}
 BuildRequires:  %{python_module testrepository >= 0.0.18}
@@ -82,16 +100,21 @@ sed -i '/^#!/d' bandit/__main__.py
 
 %if !%{with test}
 %build
-%python_build
+%pyproject_wheel
 %endif
 
 %if !%{with test}
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 %python_clone -a %{buildroot}%{_bindir}/bandit
 %python_clone -a %{buildroot}%{_bindir}/bandit-config-generator
 %python_clone -a %{buildroot}%{_bindir}/bandit-baseline
+%python_group_libalternatives bandit bandit-config-generator bandit-baseline
+# libalternatives binaries break the tests
+%if %{with libalternatives}
+sed -i 's/import sys/import sys; sys.argv[0] = "bandit"/' %{buildroot}%{_bindir}/bandit-3*
+%endif
 %endif
 
 %if %{with test}
@@ -100,19 +123,24 @@ sed -i '/^#!/d' bandit/__main__.py
 %endif
 
 %if !%{with test}
-%post
-%{python_install_alternative bandit bandit-config-generator bandit-baseline }
 %endif
 
 %if !%{with test}
+%post
+%python_install_alternative bandit bandit.1 bandit-config-generator bandit-baseline
+
 %postun
 %python_uninstall_alternative bandit
+
+%pre
+%python_libalternatives_reset_alternative bandit
 %endif
 
 %if !%{with test}
 %files %{python_files}
 %license LICENSE
 %doc AUTHORS ChangeLog README.rst
+%{_mandir}/man1/bandit.1%{?ext_man}
 %python_alternative %{_bindir}/bandit
 %python_alternative %{_bindir}/bandit-config-generator
 %python_alternative %{_bindir}/bandit-baseline

remove-non-test-deps.patch

@@ -1,8 +1,7 @@
-Index: bandit-1.7.5/test-requirements.txt
-===================================================================
---- bandit-1.7.5.orig/test-requirements.txt
-+++ bandit-1.7.5/test-requirements.txt
-@@ -1,12 +1,9 @@
+diff -Nru bandit-1.7.10.orig/test-requirements.txt bandit-1.7.10/test-requirements.txt
+--- bandit-1.7.10.orig/test-requirements.txt	2024-09-23 17:33:25.000000000 +0000
++++ bandit-1.7.10/test-requirements.txt	2024-11-08 09:03:23.050061631 +0000
+@@ -1,11 +1,8 @@
  # The order of packages is significant, because pip processes them in the order
  # of appearance. Changing the order has an impact on the overall integration
  # process, which may cause wedges in the gate later.
@@ -12,6 +11,5 @@ Index: bandit-1.7.5/test-requirements.txt
  stestr>=2.5.0 # Apache-2.0
  testscenarios>=0.5.0 # Apache-2.0/BSD
  testtools>=2.3.0 # MIT
- tomli>=1.1.0;python_version<"3.11" # MIT
  beautifulsoup4>=4.8.0 # MIT
 -pylint==1.9.4 # GPLv2