Releases: PyCQA/bandit
1.9.2
1.9.1
1.9.0
What's Changed
- Add instructions for Maintainers to create/publish a release by @ericwb in #1275
- Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @dependabot[bot] in #1289
- Bump docker/login-action from 3.4.0 to 3.5.0 by @dependabot[bot] in #1290
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1291
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #1292
- Replace deprecated datetime.datetime.utcnow() by @purplezimmermann in #1295
- Bump actions/setup-python from 5 to 6 by @dependabot[bot] in #1296
- Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @dependabot[bot] in #1298
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1303
- Fix typos by @Shortfinga in #1305
- Bump docker/login-action from 3.5.0 to 3.6.0 by @dependabot[bot] in #1306
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1315
- Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @dependabot[bot] in #1317
- Support of Python 3.14 by @ericwb in #1323
- Drop support of end-of-life Python 3.9 by @ericwb in #1325
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1324
New Contributors
- @purplezimmermann made their first contribution in #1295
- @Shortfinga made their first contribution in #1305
Full Changelog: 1.8.6...1.9.0
1.8.6
What's Changed
- Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @dependabot in #1279
- Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot in #1278
- added hint to FreeBSD package in doc/source/integrations.rst by @daniel-mohr in #1282
- Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @dependabot in #1284
- Huggingface revision pinning by @lukehinds in #1281
New Contributors
- @daniel-mohr made their first contribution in #1282
Full Changelog: 1.8.5...1.8.6
1.8.5
1.8.4
What's Changed
- Add more random functions to B311 check by @aripollak in #1235
- Metadata: rename classifier to classifiers by @ericwb in #1237
- Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by @dependabot in #1239
- Bump docker/build-push-action from 6.13.0 to 6.14.0 by @dependabot in #1238
- Bump docker/build-push-action from 6.14.0 to 6.15.0 by @dependabot in #1240
- Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @dependabot in #1241
- Bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot in #1245
- Bump bandit version in bug template by @ericwb in #1247
- Fix traceback from trojansource plugin by @ericwb in #1248
- Ensure the man page is built by @ericwb in #1257
- Update documentation to cover --severity-level and --confidence-level by @bmos in #1254
- Use license property in lieu of classifier by @ericwb in #1259
- Fix up some of the warnings when building docs by @ericwb in #1258
- Add a doc describing various integrations by @ericwb in #1253
- Use ubuntu latest for readthedocs build by @ericwb in #1260
- Bump docker/build-push-action from 6.15.0 to 6.16.0 by @dependabot in #1261
- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in #1262
- Remove etc from list of temp paths by @ericwb in #1263
- Bump docker/build-push-action from 6.16.0 to 6.17.0 by @dependabot in #1265
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1266
- Bump docker/build-push-action from 6.17.0 to 6.18.0 by @dependabot in #1268
- add github-actions documentation by @Killpit in #1172
New Contributors
- @aripollak made their first contribution in #1235
- @bmos made their first contribution in #1254
- @Killpit made their first contribution in #1172
Full Changelog: 1.8.3...1.8.4
1.8.3
What's Changed
- Bump docker/build-push-action from 6.10.0 to 6.11.0 by @dependabot in #1220
- Bump docker/build-push-action from 6.11.0 to 6.12.0 by @dependabot in #1221
- Bump docker/build-push-action from 6.12.0 to 6.13.0 by @dependabot in #1222
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1229
- Update bug template to include latest released versions by @ericwb in #1218
- Add markupsafe.Markup XSS plugin by @Daverball in #1225
- Warn not error on a nonexistent test given by @ericwb in #1230
- Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @dependabot in #1233
- Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @dependabot in #1234
- B107: Skip None values in hardcoded password detection by @lukehinds in #1232
- Pytorch fix by @lukehinds in #1231
New Contributors
- @Daverball made their first contribution in #1225
Full Changelog: 1.8.2...1.8.3
1.8.2
1.8.1
What's Changed
- Bump docker/build-push-action from 6.9.0 to 6.10.0 by @dependabot in #1209
- Update the bug template with latest bandit version by @ericwb in #1208
- Add Mercedes-Benz to sponsor list by @ericwb in #1210
- Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @dependabot in #1211
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1213
- Start testing with 3.14 alphas by @ericwb in #1189
- Remove lxml (B320 & B410) from blacklist by @djbrown in #1212
- Clarify "getting started" docs by @Flimm in #963
New Contributors
Full Changelog: 1.8.0...1.8.1
1.8.0
What's Changed
- Bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in #1178
- Rename doc file to match proper bandit ID by @ericwb in #1183
- Removal of Python 3.8 support by @ericwb in #1174
- Add more insecure cryptography cipher algorithms by @ericwb in #1185
- Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in #1186
- Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #1187
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1162
- No need to check httpx client without timeout defined by @ericwb in #1177
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1191
- Mark Python 3.13 as officially supported by @ericwb in #1192
- Update project urls with added links by @ericwb in #1193
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1196
- Add a JSON to seek funding from the FLOSS/fund by @ericwb in #1194
- Remove Sentry as a sponsor by @ericwb in #1198
- Remove more leftover OpenStack references by @ericwb in #1195
Full Changelog: 1.7.10...1.8.0