
Scheduled daily dependency update on Thursday #600

Merged: 6 commits merged into master from pyup-scheduled-update-2024-01-25 on Jan 26, 2024

Conversation

pyup-bot (Collaborator) commented Jan 25, 2024

Update bandit from 1.7.4 to 1.7.7.

Changelog

1.7.7

What's Changed
* Add the new release to bandit versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1075
* Bump actions/setup-python from 4 to 5 by dependabot in https://github.com/PyCQA/bandit/pull/1076
* Handle variant in how policy is passed in paramiko by ericwb in https://github.com/PyCQA/bandit/pull/1078
* Flag str.replace as possible sql injection by costaparas in https://github.com/PyCQA/bandit/pull/1044
* defusedxml: Show correct module name by kajinamit in https://github.com/PyCQA/bandit/pull/1081
* Add tidelift to the sponsor funding list by ericwb in https://github.com/PyCQA/bandit/pull/1089
* Create a security policy by ericwb in https://github.com/PyCQA/bandit/pull/1091
* Fix up issues found running Bandit on itself by ericwb in https://github.com/PyCQA/bandit/pull/1093
* Add random.randbytes to blacklist calls by ericwb in https://github.com/PyCQA/bandit/pull/1096
* Prepend ./ for files specified as CLI args by ericwb in https://github.com/PyCQA/bandit/pull/1094
* Rework GitPython dependency to be an extra for bandit-baseline by ericwb in https://github.com/PyCQA/bandit/pull/1099
* Bump actions/dependency-review-action from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1101
* Introduce Official Bandit Images by lukehinds in https://github.com/PyCQA/bandit/pull/1088
* Remove markdown formatting in reStructuredText formatted README by ericwb in https://github.com/PyCQA/bandit/pull/1103
* Downsize the org:repo name by lukehinds in https://github.com/PyCQA/bandit/pull/1104

New Contributors
* kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

1.7.6

What's Changed
* Update bug report to include version 1.7.5 by ericwb in https://github.com/PyCQA/bandit/pull/993
* Render Python 3.10 in drop down correctly by ericwb in https://github.com/PyCQA/bandit/pull/997
* Remove checks for Python2 urllib by ericwb in https://github.com/PyCQA/bandit/pull/999
* Improper detection of non-requests module by ericwb in https://github.com/PyCQA/bandit/pull/1011
* xmlrpclib replaced with xmlrpc in Python3 by ericwb in https://github.com/PyCQA/bandit/pull/1012
* language and linting updates by marksmayo in https://github.com/PyCQA/bandit/pull/1015
* Adds check for crypt module usage as weak hash by ericwb in https://github.com/PyCQA/bandit/pull/1018
* Switch to tox 4 by mportesdev in https://github.com/PyCQA/bandit/pull/1020
* Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by mportesdev in https://github.com/PyCQA/bandit/pull/1021
* Update versions of used GitHub Actions by mportesdev in https://github.com/PyCQA/bandit/pull/1024
* Update pre-commit hooks by mportesdev in https://github.com/PyCQA/bandit/pull/1026
* Add `random.Random` to B311 checks by shiftinv in https://github.com/PyCQA/bandit/pull/940
* Add a copy button to all code snippets in docs by ericwb in https://github.com/PyCQA/bandit/pull/1030
* Replace pbr in favor of importlib by ericwb in https://github.com/PyCQA/bandit/pull/1016
* Switch from open collective to PSF by ericwb in https://github.com/PyCQA/bandit/pull/1031
* Make pre-commit run Bandit hook using a single process by Klavionik in https://github.com/PyCQA/bandit/pull/1029
* Remove support for Python 3.7 due to end-of-life by ericwb in https://github.com/PyCQA/bandit/pull/1034
* Update asserts.py documentation by deronnax in https://github.com/PyCQA/bandit/pull/1036
* Simplify `wrap_file_object` by mportesdev in https://github.com/PyCQA/bandit/pull/1037
* django_rawsql_used: support keyword arguments used in `RawSQL` by kevinmarsh in https://github.com/PyCQA/bandit/pull/765
* Avoid gitpython CVE-2022-24439 by carlosduelo in https://github.com/PyCQA/bandit/pull/1048
* Update blacklist call documentation by costaparas in https://github.com/PyCQA/bandit/pull/1045
* Support ignoring blacklists by name by costaparas in https://github.com/PyCQA/bandit/pull/1046
* Fix dependabot to update github actions by ericwb in https://github.com/PyCQA/bandit/pull/1057
* Bump actions/checkout from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1058
* Fix for ReadtheDocs build by ericwb in https://github.com/PyCQA/bandit/pull/1061
* fix(plugins/B507): also detect class instances by mkniewallner in https://github.com/PyCQA/bandit/pull/1064
* Use mirror repository for black pre-commit hook by mportesdev in https://github.com/PyCQA/bandit/pull/1070
* Add official support of Python 3.12 by ericwb in https://github.com/PyCQA/bandit/pull/1068
* Fix crash on pyproject.toml without bandit config by javajawa in https://github.com/PyCQA/bandit/pull/1073
* refactor: remove `importlib-metadata` fallback by mkniewallner in https://github.com/PyCQA/bandit/pull/1066
* Fixes for sphinx build by ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors
* marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
* shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
* Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
* deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
* kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
* carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
* costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
* dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
* javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

1.7.5

What's Changed
* Add an example screen shot of Bandit to README by ericwb in https://github.com/PyCQA/bandit/pull/847
* Bad link to screen shot by ericwb in https://github.com/PyCQA/bandit/pull/848
* Use a constant for weak hashes by ericwb in https://github.com/PyCQA/bandit/pull/850
* Group location line with code output by ericwb in https://github.com/PyCQA/bandit/pull/822
* Fix line range using Python 3.8 end_lineno by ericwb in https://github.com/PyCQA/bandit/pull/821
* Add classifier to indicate Py3 only by ericwb in https://github.com/PyCQA/bandit/pull/853
* Removal of blacklist call B309 httpsconnection by ericwb in https://github.com/PyCQA/bandit/pull/858
* Remove blacklist call check for os.tempnam by ericwb in https://github.com/PyCQA/bandit/pull/859
* Indicate hash type in message by ericwb in https://github.com/PyCQA/bandit/pull/860
* Add the httpx module check for verify by ericwb in https://github.com/PyCQA/bandit/pull/861
* Add doc for hashlib plugin by ericwb in https://github.com/PyCQA/bandit/pull/862
* Make use of rich for progress bar by ericwb in https://github.com/PyCQA/bandit/pull/863
* Replace `toml` with `tomli` by mkniewallner in https://github.com/PyCQA/bandit/pull/829
* Fix up B109 and B111 removed plugins docs by ericwb in https://github.com/PyCQA/bandit/pull/864
* add check for "requests" calls without timeout by mschfh in https://github.com/PyCQA/bandit/pull/743
* Fix for build breaks in format job by ericwb in https://github.com/PyCQA/bandit/pull/869
* Add license and contributing links to docs by ericwb in https://github.com/PyCQA/bandit/pull/867
* Remove redundant word Bandit in titles of sections by ericwb in https://github.com/PyCQA/bandit/pull/873
* Add request for feedback via 👍 by ericwb in https://github.com/PyCQA/bandit/pull/871
* Add a Discord link to the docs by ericwb in https://github.com/PyCQA/bandit/pull/870
* Adding logging.config.listen() plugin with examples by raj3shp in https://github.com/PyCQA/bandit/pull/874
* Removal of ghugo by ericwb in https://github.com/PyCQA/bandit/pull/881
* Remove redundant pip line by ericwb in https://github.com/PyCQA/bandit/pull/884
* Corrected documentation on configuration by a-takahashi223 in https://github.com/PyCQA/bandit/pull/868
* Start testing against Python 3.11 by mkniewallner in https://github.com/PyCQA/bandit/pull/887
* Add myself to sponsor list by ericwb in https://github.com/PyCQA/bandit/pull/885
* Add Discord link to README by ericwb in https://github.com/PyCQA/bandit/pull/875
* Update action versions in Actions workflows (890) by mportesdev in https://github.com/PyCQA/bandit/pull/893
* Add dependency review action by ericwb in https://github.com/PyCQA/bandit/pull/891
* Fix an unclosed <b> tag in HTML formatter by mportesdev in https://github.com/PyCQA/bandit/pull/896
* 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by rajaramsrn in https://github.com/PyCQA/bandit/pull/897
* Make small fixes in docs by mportesdev in https://github.com/PyCQA/bandit/pull/899
* Specify semver range for Python 3.11 by mportesdev in https://github.com/PyCQA/bandit/pull/901
* Add another bad example of yaml load by ericwb in https://github.com/PyCQA/bandit/pull/905
* Add releases link in "Version control integration" by travisjungroth in https://github.com/PyCQA/bandit/pull/909
* Update version of dependency-review-action by mportesdev in https://github.com/PyCQA/bandit/pull/911
* Avoid redundant message if debug on by ericwb in https://github.com/PyCQA/bandit/pull/913
* Remove invalid checking on hashlib by ericwb in https://github.com/PyCQA/bandit/pull/914
* Add some missing curve types by ericwb in https://github.com/PyCQA/bandit/pull/920
* add jsonpickle deserialization blacklist by SugarP1g in https://github.com/PyCQA/bandit/pull/707
* Fix reading the number argument from config file by KAUTH in https://github.com/PyCQA/bandit/pull/923
* Add end_col_offset if available by ericwb in https://github.com/PyCQA/bandit/pull/851
* Enhancement Proposal: Plugin "assert_used" config-skip snippet by marianomartinelli in https://github.com/PyCQA/bandit/pull/695
* Blacklist pandas read_pickle and add functional test for it by jaspersival in https://github.com/PyCQA/bandit/pull/710
* Docs for request without timeout has dead link by ericwb in https://github.com/PyCQA/bandit/pull/925
* Add case for global exec by tonybaloney in https://github.com/PyCQA/bandit/pull/570
* Fix a false positive condition yaml_load by ericwb in https://github.com/PyCQA/bandit/pull/927
* Fix issue 453 jinja2 template select_autoescape when using jinja2.select_autoescape by kinow in https://github.com/PyCQA/bandit/pull/454
* Adding tarfile.extractall() plugin with examples by yilmi in https://github.com/PyCQA/bandit/pull/549
* Check for deprecated TLS 1.1 by ericwb in https://github.com/PyCQA/bandit/pull/928
* weak_cryptographic_key assumes positional arg by ericwb in https://github.com/PyCQA/bandit/pull/930
* Fix filename of B202 in docs by mportesdev in https://github.com/PyCQA/bandit/pull/932
* Remove python 2 reference in docs by ericwb in https://github.com/PyCQA/bandit/pull/933
* Pass correct number of arguments to match the `%s` placeholders. by mportesdev in https://github.com/PyCQA/bandit/pull/934
* Fixup some invalid pickle testing by ericwb in https://github.com/PyCQA/bandit/pull/924
* Fix json and yaml formatters to respect num lines by ericwb in https://github.com/PyCQA/bandit/pull/929
* Fix AttributeError on detect of tuple assign condition by ericwb in https://github.com/PyCQA/bandit/pull/931
* [docs] Mention `exclude_dirs` option available in TOML and YAML by bittner in https://github.com/PyCQA/bandit/pull/876
* Typo fix by PermanAtayev in https://github.com/PyCQA/bandit/pull/945
* remove py2 exec example in docs by clavedeluna in https://github.com/PyCQA/bandit/pull/947
* Add official Python 3.11 support by ericwb in https://github.com/PyCQA/bandit/pull/964
* DOC: Add explanation on how to use pre-commit with config file by phofl in https://github.com/PyCQA/bandit/pull/968
* Fix breaking build due to new tox by ericwb in https://github.com/PyCQA/bandit/pull/983
* Correct build status badge in README by gliptak in https://github.com/PyCQA/bandit/pull/980
* Improve detecting SQL injections in f-strings by kfrydel in https://github.com/PyCQA/bandit/pull/917
* Improve handling nosec for multi-line strings by kfrydel in https://github.com/PyCQA/bandit/pull/915
* Check for github action updates monthly by jlosito in https://github.com/PyCQA/bandit/pull/989
* Added a bit more `project_urls` by KOLANICH in https://github.com/PyCQA/bandit/pull/985

New Contributors
* mschfh made their first contribution in https://github.com/PyCQA/bandit/pull/743
* raj3shp made their first contribution in https://github.com/PyCQA/bandit/pull/874
* a-takahashi223 made their first contribution in https://github.com/PyCQA/bandit/pull/868
* mportesdev made their first contribution in https://github.com/PyCQA/bandit/pull/893
* rajaramsrn made their first contribution in https://github.com/PyCQA/bandit/pull/897
* travisjungroth made their first contribution in https://github.com/PyCQA/bandit/pull/909
* SugarP1g made their first contribution in https://github.com/PyCQA/bandit/pull/707
* KAUTH made their first contribution in https://github.com/PyCQA/bandit/pull/923
* marianomartinelli made their first contribution in https://github.com/PyCQA/bandit/pull/695
* jaspersival made their first contribution in https://github.com/PyCQA/bandit/pull/710
* kinow made their first contribution in https://github.com/PyCQA/bandit/pull/454
* yilmi made their first contribution in https://github.com/PyCQA/bandit/pull/549
* PermanAtayev made their first contribution in https://github.com/PyCQA/bandit/pull/945
* clavedeluna made their first contribution in https://github.com/PyCQA/bandit/pull/947
* phofl made their first contribution in https://github.com/PyCQA/bandit/pull/968
* gliptak made their first contribution in https://github.com/PyCQA/bandit/pull/980
* kfrydel made their first contribution in https://github.com/PyCQA/bandit/pull/917
* jlosito made their first contribution in https://github.com/PyCQA/bandit/pull/989
* KOLANICH made their first contribution in https://github.com/PyCQA/bandit/pull/985

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5

@pyup-bot pyup-bot added the security New security features or failing AuthN/AuthZ conditions label Jan 25, 2024
@github-actions github-actions bot added tests Test execution or additional use cases and removed security New security features or failing AuthN/AuthZ conditions labels Jan 25, 2024
@github-actions github-actions bot added ui Something related to the UI operations or display plugin Service plugin cli Something related to the CLI helpers labels Jan 25, 2024
@github-actions github-actions bot added the ci Something related to code tests, deployment and packaging label Jan 26, 2024

codecov bot commented Jan 26, 2024

Codecov Report

Attention: 16 lines in your changes are missing coverage. Please review.

Comparison: base (51ce09e) 80.92% compared to head (d899bd2) 80.92%.
Report is 1 commit behind head on master.

| Files | Patch % | Lines |
|---|---|---|
| magpie/register.py | 0.00% | 11 Missing ⚠️ |
| magpie/adapter/magpieowssecurity.py | 0.00% | 2 Missing ⚠️ |
| magpie/cli/sync_services.py | 0.00% | 2 Missing ⚠️ |
| magpie/ui/login/views.py | 0.00% | 1 Missing ⚠️ |

Impacted files and coverage diff:
@@           Coverage Diff           @@
##           master     #600   +/-   ##
=======================================
  Coverage   80.92%   80.92%           
=======================================
  Files          73       73           
  Lines       10196    10196           
  Branches     1824     1824           
=======================================
  Hits         8251     8251           
  Misses       1622     1622           
  Partials      323      323           


@fmigneault fmigneault merged commit b360750 into master Jan 26, 2024
23 of 24 checks passed
@fmigneault fmigneault deleted the pyup-scheduled-update-2024-01-25 branch January 26, 2024 17:12