Update dependency bandit to v1.7.8

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bandit (source, changelog)	==1.7.4 -> ==1.7.8

---

Release Notes

PyCQA/bandit (bandit)

v1.7.8

Compare Source

What's Changed

• Incorrect tag naming in readme by @​lukehinds in https://github.com/PyCQA/bandit/pull/1105
• Utilize PyPI's trusted publishing by @​ericwb in https://github.com/PyCQA/bandit/pull/1107
• Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1109
• Add 1.7.7 to versions of bug template by @​ericwb in https://github.com/PyCQA/bandit/pull/1110
• Use datetime to avoid updating copyright year by @​ericwb in https://github.com/PyCQA/bandit/pull/1112
• filter data is safe for tarfile extractall by @​etienneschalk in https://github.com/PyCQA/bandit/pull/1111
• Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1115
• [B605] Add functions that are vulnerable to shell injection. by @​shihai1991 in https://github.com/PyCQA/bandit/pull/1116
• Add a SARIF output formatter by @​ericwb in https://github.com/PyCQA/bandit/pull/1113

New Contributors

• @​etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
• @​shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

Full Changelog: PyCQA/bandit@1.7.7...1.7.8

v1.7.7

Compare Source

What's Changed

• Add the new release to bandit versions of bug template by @​ericwb in https://github.com/PyCQA/bandit/pull/1075
• Bump actions/setup-python from 4 to 5 by @​dependabot in https://github.com/PyCQA/bandit/pull/1076
• Handle variant in how policy is passed in paramiko by @​ericwb in https://github.com/PyCQA/bandit/pull/1078
• Flag str.replace as possible sql injection by @​costaparas in https://github.com/PyCQA/bandit/pull/1044
• defusedxml: Show correct module name by @​kajinamit in https://github.com/PyCQA/bandit/pull/1081
• Add tidelift to the sponsor funding list by @​ericwb in https://github.com/PyCQA/bandit/pull/1089
• Create a security policy by @​ericwb in https://github.com/PyCQA/bandit/pull/1091
• Fix up issues found running Bandit on itself by @​ericwb in https://github.com/PyCQA/bandit/pull/1093
• Add random.randbytes to blacklist calls by @​ericwb in https://github.com/PyCQA/bandit/pull/1096
• Prepend ./ for files specified as CLI args by @​ericwb in https://github.com/PyCQA/bandit/pull/1094
• Rework GitPython dependency to be an extra for bandit-baseline by @​ericwb in https://github.com/PyCQA/bandit/pull/1099
• Bump actions/dependency-review-action from 3 to 4 by @​dependabot in https://github.com/PyCQA/bandit/pull/1101
• Introduce Official Bandit Images by @​lukehinds in https://github.com/PyCQA/bandit/pull/1088
• Remove markdown formatting in reStructuredText formatted README by @​ericwb in https://github.com/PyCQA/bandit/pull/1103
• Downsize the org:repo name by @​lukehinds in https://github.com/PyCQA/bandit/pull/1104

New Contributors

• @​kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

Full Changelog: PyCQA/bandit@1.7.6...1.7.7

v1.7.6

Compare Source

What's Changed

• Update bug report to include version 1.7.5 by @​ericwb in https://github.com/PyCQA/bandit/pull/993
• Render Python 3.10 in drop down correctly by @​ericwb in https://github.com/PyCQA/bandit/pull/997
• Remove checks for Python2 urllib by @​ericwb in https://github.com/PyCQA/bandit/pull/999
• Improper detection of non-requests module by @​ericwb in https://github.com/PyCQA/bandit/pull/1011
• xmlrpclib replaced with xmlrpc in Python3 by @​ericwb in https://github.com/PyCQA/bandit/pull/1012
• language and linting updates by @​marksmayo in https://github.com/PyCQA/bandit/pull/1015
• Adds check for crypt module usage as weak hash by @​ericwb in https://github.com/PyCQA/bandit/pull/1018
• Switch to tox 4 by @​mportesdev in https://github.com/PyCQA/bandit/pull/1020
• Skip unnecessary pip install commands in the pythonpackage.yml workflow by @​mportesdev in https://github.com/PyCQA/bandit/pull/1021
• Update versions of used GitHub Actions by @​mportesdev in https://github.com/PyCQA/bandit/pull/1024
• Update pre-commit hooks by @​mportesdev in https://github.com/PyCQA/bandit/pull/1026
• Add random.Random to B311 checks by @​shiftinv in https://github.com/PyCQA/bandit/pull/940
• Add a copy button to all code snippets in docs by @​ericwb in https://github.com/PyCQA/bandit/pull/1030
• Replace pbr in favor of importlib by @​ericwb in https://github.com/PyCQA/bandit/pull/1016
• Switch from open collective to PSF by @​ericwb in https://github.com/PyCQA/bandit/pull/1031
• Make pre-commit run Bandit hook using a single process by @​Klavionik in https://github.com/PyCQA/bandit/pull/1029
• Remove support for Python 3.7 due to end-of-life by @​ericwb in https://github.com/PyCQA/bandit/pull/1034
• Update asserts.py documentation by @​deronnax in https://github.com/PyCQA/bandit/pull/1036
• Simplify wrap_file_object by @​mportesdev in https://github.com/PyCQA/bandit/pull/1037
• django_rawsql_used: support keyword arguments used in RawSQL by @​kevinmarsh in https://github.com/PyCQA/bandit/pull/765
• Avoid gitpyhon CVE-2022-24439 by @​carlosduelo in https://github.com/PyCQA/bandit/pull/1048
• Update blacklist call documentation by @​costaparas in https://github.com/PyCQA/bandit/pull/1045
• Support ignoring blacklists by name by @​costaparas in https://github.com/PyCQA/bandit/pull/1046
• Fix dependabot to update github actions by @​ericwb in https://github.com/PyCQA/bandit/pull/1057
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/PyCQA/bandit/pull/1058
• Fix for ReadtheDocs build by @​ericwb in https://github.com/PyCQA/bandit/pull/1061
• fix(plugins/B507): also detect class instances by @​mkniewallner in https://github.com/PyCQA/bandit/pull/1064
• Use mirror repository for black pre-commit hook by @​mportesdev in https://github.com/PyCQA/bandit/pull/1070
• Add official support of Python 3.12 by @​ericwb in https://github.com/PyCQA/bandit/pull/1068
• Fix crash on pyproject.toml without bandit config by @​javajawa in https://github.com/PyCQA/bandit/pull/1073
• refactor: remove importlib-metadata fallback by @​mkniewallner in https://github.com/PyCQA/bandit/pull/1066
• Fixes for sphinx build by @​ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors

• @​marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
• @​shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
• @​Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
• @​deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
• @​kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
• @​carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
• @​costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
• @​dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
• @​javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

Full Changelog: PyCQA/bandit@1.7.5...1.7.6

v1.7.5

Compare Source

What's Changed

• Add an example screen shot of Bandit to README by @​ericwb in https://github.com/PyCQA/bandit/pull/847
• Bad link to screen shot by @​ericwb in https://github.com/PyCQA/bandit/pull/848
• Use a constant for weak hashes by @​ericwb in https://github.com/PyCQA/bandit/pull/850
• Group location line with code output by @​ericwb in https://github.com/PyCQA/bandit/pull/822
• Fix line range using Python 3.8 end_lineno by @​ericwb in https://github.com/PyCQA/bandit/pull/821
• Add classifier to indicate Py3 only by @​ericwb in https://github.com/PyCQA/bandit/pull/853
• Removal of blacklist call B309 httpsconnection by @​ericwb in https://github.com/PyCQA/bandit/pull/858
• Remove blacklist call check for os.tempnam by @​ericwb in https://github.com/PyCQA/bandit/pull/859
• Indiciate hash type in message by @​ericwb in https://github.com/PyCQA/bandit/pull/860
• Add the httpx module check for verify by @​ericwb in https://github.com/PyCQA/bandit/pull/861
• Add doc for hashlib plugin by @​ericwb in https://github.com/PyCQA/bandit/pull/862
• Make use of rich for progress bar by @​ericwb in https://github.com/PyCQA/bandit/pull/863
• Replace toml with tomli by @​mkniewallner in https://github.com/PyCQA/bandit/pull/829
• Fix up B109 and B111 removed plugins docs by @​ericwb in https://github.com/PyCQA/bandit/pull/864
• add check for "requests" calls without timeout by @​mschfh in https://github.com/PyCQA/bandit/pull/743
• Fix for build breaks in format job by @​ericwb in https://github.com/PyCQA/bandit/pull/869
• Add license and contributing links to docs by @​ericwb in https://github.com/PyCQA/bandit/pull/867
• Remove redundant word Bandit in titles of sections by @​ericwb in https://github.com/PyCQA/bandit/pull/873
• Add request for feedback via 👍 by @​ericwb in https://github.com/PyCQA/bandit/pull/871
• Add a Discord link to the docs by @​ericwb in https://github.com/PyCQA/bandit/pull/870
• Adding logging.config.listen() plugin with examples by @​raj3shp in https://github.com/PyCQA/bandit/pull/874
• Removal of ghugo by @​ericwb in https://github.com/PyCQA/bandit/pull/881
• Remove redundant pip line by @​ericwb in https://github.com/PyCQA/bandit/pull/884
• Corrected documentation on configuration by @​a-takahashi223 in https://github.com/PyCQA/bandit/pull/868
• Start testing against Python 3.11 by @​mkniewallner in https://github.com/PyCQA/bandit/pull/887
• Add myself to sponsor list by @​ericwb in https://github.com/PyCQA/bandit/pull/885
• Add Discord link to README by @​ericwb in https://github.com/PyCQA/bandit/pull/875
• Update action versions in Actions workflows (#​890) by @​mportesdev in https://github.com/PyCQA/bandit/pull/893
• Add dependency review action by @​ericwb in https://github.com/PyCQA/bandit/pull/891
• Fix an unclosed tag in HTML formatter by @​mportesdev in https://github.com/PyCQA/bandit/pull/896
• 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @​rajaramsrn in https://github.com/PyCQA/bandit/pull/897
• Make small fixes in docs by @​mportesdev in https://github.com/PyCQA/bandit/pull/899
• Specify semver range for Python 3.11 by @​mportesdev in https://github.com/PyCQA/bandit/pull/901
• Add another bad example of yaml load by @​ericwb in https://github.com/PyCQA/bandit/pull/905
• Add releases link in "Version control integration" by @​travisjungroth in https://github.com/PyCQA/bandit/pull/909
• Update version of dependency-review-action by @​mportesdev in https://github.com/PyCQA/bandit/pull/911
• Avoid redundant message if debug on by @​ericwb in https://github.com/PyCQA/bandit/pull/913
• Remove invalid checking on hashlib by @​ericwb in https://github.com/PyCQA/bandit/pull/914
• Add some missing curve types by @​ericwb in https://github.com/PyCQA/bandit/pull/920
• add jsonpickle deserialization blacklist by @​SugarP1g in https://github.com/PyCQA/bandit/pull/707
• Fix reading the number argument from config file by @​KAUTH in https://github.com/PyCQA/bandit/pull/923
• Add end_col_offset if available by @​ericwb in https://github.com/PyCQA/bandit/pull/851
• Enhancement Proposal: Plugin "assert_used" config-skip snippet by @​marianomartinelli in https://github.com/PyCQA/bandit/pull/695
• Blacklist pandas read_pickle and add functional test for it by @​jaspersival in https://github.com/PyCQA/bandit/pull/710
• Docs for request without timeout has dead link by @​ericwb in https://github.com/PyCQA/bandit/pull/925
• Add case for global exec by @​tonybaloney in https://github.com/PyCQA/bandit/pull/570
• Fix a false positive condition yaml_load by @​ericwb in https://github.com/PyCQA/bandit/pull/927
• Fix issue #​453 jinja2 template select_autoescape when using jinja2.select_autoescape by @​kinow in https://github.com/PyCQA/bandit/pull/454
• Adding tarfile.extractall() plugin with examples by @​yilmi in https://github.com/PyCQA/bandit/pull/549
• Check for deprecated TLS 1.1 by @​ericwb in https://github.com/PyCQA/bandit/pull/928
• weak_cryptographic_key assumes positional arg by @​ericwb in https://github.com/PyCQA/bandit/pull/930
• Fix filename of B202 in docs by @​mportesdev in https://github.com/PyCQA/bandit/pull/932
• Remove python 2 reference in docs by @​ericwb in https://github.com/PyCQA/bandit/pull/933
• Pass correct number of arguments to match the %s placeholders. by @​mportesdev in https://github.com/PyCQA/bandit/pull/934
• Fixup some invalid pickle testing by @​ericwb in https://github.com/PyCQA/bandit/pull/924
• Fix json and yaml formatters to respect num lines by @​ericwb in https://github.com/PyCQA/bandit/pull/929
• Fix AttributeError on detect of tuple assign condition by @​ericwb in https://github.com/PyCQA/bandit/pull/931
• [docs] Mention exclude_dirs option available in TOML and YAML by @​bittner in https://github.com/PyCQA/bandit/pull/876
• Typo fix by @​PermanAtayev in https://github.com/PyCQA/bandit/pull/945
• remove py2 exec example in docs by @​clavedeluna in https://github.com/PyCQA/bandit/pull/947
• Add official Python 3.11 support by @​ericwb in https://github.com/PyCQA/bandit/pull/964
• DOC: Add explanation on how to use pre-commit with config file by @​phofl in https://github.com/PyCQA/bandit/pull/968
• Fix breaking build due to new tox by @​ericwb in https://github.com/PyCQA/bandit/pull/983
• Correct build status badge in README by @​gliptak in https://github.com/PyCQA/bandit/pull/980
• Improve detecting SQL injections in f-strings by @​kfrydel in https://github.com/PyCQA/bandit/pull/917
• Improve handling nosec for multi-line strings by @​kfrydel in https://github.com/PyCQA/bandit/pull/915
• Check for github action updates monthly by @​jlosito in https://github.com/PyCQA/bandit/pull/989
• Added a bit more project_urls by @​KOLANICH in https://github.com/PyCQA/bandit/pull/985

New Contributors

• @​mschfh made their first contribution in https://github.com/PyCQA/bandit/pull/743
• @​raj3shp made their first contribution in https://github.com/PyCQA/bandit/pull/874
• @​a-takahashi223 made their first contribution in https://github.com/PyCQA/bandit/pull/868
• @​mportesdev made their first contribution in https://github.com/PyCQA/bandit/pull/893
• @​rajaramsrn made their first contribution in https://github.com/PyCQA/bandit/pull/897
• @​travisjungroth made their first contribution in https://github.com/PyCQA/bandit/pull/909
• @​SugarP1g made their first contribution in https://github.com/PyCQA/bandit/pull/707
• @​KAUTH made their first contribution in https://github.com/PyCQA/bandit/pull/923
• @​marianomartinelli made their first contribution in https://github.com/PyCQA/bandit/pull/695
• @​jaspersival made their first contribution in https://github.com/PyCQA/bandit/pull/710
• @​kinow made their first contribution in https://github.com/PyCQA/bandit/pull/454
• @​yilmi made their first contribution in https://github.com/PyCQA/bandit/pull/549
• @​PermanAtayev made their first contribution in https://github.com/PyCQA/bandit/pull/945
• @​clavedeluna made their first contribution in https://github.com/PyCQA/bandit/pull/947
• @​phofl made their first contribution in https://github.com/PyCQA/bandit/pull/968
• @​gliptak made their first contribution in https://github.com/PyCQA/bandit/pull/980
• @​kfrydel made their first contribution in https://github.com/PyCQA/bandit/pull/917
• @​jlosito made their first contribution in https://github.com/PyCQA/bandit/pull/989
• @​KOLANICH made their first contribution in https://github.com/PyCQA/bandit/pull/985

Full Changelog: PyCQA/bandit@1.7.4...1.7.5

---

Configuration

📅 Schedule: Branch creation - "every month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (==1.7.8). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.