Releases: PyCQA/bandit
Releases · PyCQA/bandit
1.8.0
What's Changed
- Bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in #1178
- Rename doc file to match proper bandit ID by @ericwb in #1183
- Removal of Python 3.8 support by @ericwb in #1174
- Add more insecure cryptography cipher algorithms by @ericwb in #1185
- Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in #1186
- Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #1187
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1162
- No need to check httpx client without timeout defined by @ericwb in #1177
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1191
- Mark Python 3.13 as officially supported by @ericwb in #1192
- Update project urls with added links by @ericwb in #1193
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1196
- Add a JSON to seek funding from the FLOSS/fund by @ericwb in #1194
- Remove Sentry as a sponsor by @ericwb in #1198
- Remove more leftover OpenStack references by @ericwb in #1195
Full Changelog: 1.7.10...1.8.0
1.7.10
What's Changed
- Bump docker/build-push-action from 5.4.0 to 6.0.0 by @dependabot in #1147
- Suggested small refactors in assignments by @ericwb in #1150
- Performance improvement in blacklist function by @ericwb in #1148
- Add test for usage of FTP_TLS by @ericwb in #1149
- New check: B113: TrojanSource - Bidirectional control characters by @Lucas-C in #757
- Bump docker/build-push-action from 6.0.0 to 6.1.0 by @dependabot in #1152
- feat(plugins): add support for
httpx
inB113
by @mkniewallner in #1060 - Nit: remove unused variable by @ericwb in #1153
- Add recent releases to version choice in bug report by @ericwb in #1151
- Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in #1155
- Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in #1157
- Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #1156
- Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in #1158
- Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #1159
- Bump docker/build-push-action from 6.3.0 to 6.5.0 by @dependabot in #1160
- Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in #1163
- Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in #1166
- Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #1165
- Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in #1168
- Use consistent file naming of docs by @ericwb in #1170
- Pytorch Load / Save Plugin by @lukehinds in #1114
New Contributors
Full Changelog: 1.7.9...1.7.10
1.7.9
What's Changed
- Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #1117
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1119
- New logo for Bandit based on raccoon by @ericwb in #1121
- Start testing on Python 3.13 by @ericwb in #1122
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #1123
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in #1124
- Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #1125
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1126
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1127
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in #1130
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1131
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1132
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1133
- Updates banner logo so it renders well in dark mode by @ericwb in #1134
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1135
- Add a sponsor section to README by @ericwb in #1137
- Ensure sarif extra is included as part of doc build by @ericwb in #1139
- Bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #1142
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1143
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1145
- Guard against empty call argument list by @ericwb in #1146
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by @dependabot in #1144
- Support
configfile
in.bandit
file by @bersbersbers in #1052
New Contributors
- @pre-commit-ci made their first contribution in #1119
- @bersbersbers made their first contribution in #1052
Full Changelog: 1.7.8...1.7.9
1.7.8
What's Changed
- Incorrect tag naming in readme by @lukehinds in #1105
- Utilize PyPI's trusted publishing by @ericwb in #1107
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #1109
- Add 1.7.7 to versions of bug template by @ericwb in #1110
- Use datetime to avoid updating copyright year by @ericwb in #1112
- filter data is safe for tarfile extractall by @etienneschalk in #1111
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #1115
- [B605] Add functions that are vulnerable to shell injection. by @shihai1991 in #1116
- Add a SARIF output formatter by @ericwb in #1113
New Contributors
- @etienneschalk made their first contribution in #1111
- @shihai1991 made their first contribution in #1116
Full Changelog: 1.7.7...1.7.8
1.7.7
What's Changed
- Add the new release to bandit versions of bug template by @ericwb in #1075
- Bump actions/setup-python from 4 to 5 by @dependabot in #1076
- Handle variant in how policy is passed in paramiko by @ericwb in #1078
- Flag str.replace as possible sql injection by @costaparas in #1044
- defusedxml: Show correct module name by @kajinamit in #1081
- Add tidelift to the sponsor funding list by @ericwb in #1089
- Create a security policy by @ericwb in #1091
- Fix up issues found running Bandit on itself by @ericwb in #1093
- Add random.randbytes to blacklist calls by @ericwb in #1096
- Prepend ./ for files specified as CLI args by @ericwb in #1094
- Rework GitPython dependency to be an extra for bandit-baseline by @ericwb in #1099
- Bump actions/dependency-review-action from 3 to 4 by @dependabot in #1101
- Introduce Official Bandit Images by @lukehinds in #1088
- Remove markdown formatting in reStructuredText formatted README by @ericwb in #1103
- Downsize the org:repo name by @lukehinds in #1104
New Contributors
- @kajinamit made their first contribution in #1081
Full Changelog: 1.7.6...1.7.7
1.7.6
What's Changed
- Update bug report to include version 1.7.5 by @ericwb in #993
- Render Python 3.10 in drop down correctly by @ericwb in #997
- Remove checks for Python2 urllib by @ericwb in #999
- Improper detection of non-requests module by @ericwb in #1011
- xmlrpclib replaced with xmlrpc in Python3 by @ericwb in #1012
- language and linting updates by @marksmayo in #1015
- Adds check for crypt module usage as weak hash by @ericwb in #1018
- Switch to tox 4 by @mportesdev in #1020
- Skip unnecessary
pip install
commands in the pythonpackage.yml workflow by @mportesdev in #1021 - Update versions of used GitHub Actions by @mportesdev in #1024
- Update pre-commit hooks by @mportesdev in #1026
- Add
random.Random
to B311 checks by @shiftinv in #940 - Add a copy button to all code snippets in docs by @ericwb in #1030
- Replace pbr in favor of importlib by @ericwb in #1016
- Switch from open collective to PSF by @ericwb in #1031
- Make pre-commit run Bandit hook using a single process by @Klavionik in #1029
- Remove support for Python 3.7 due to end-of-life by @ericwb in #1034
- Update asserts.py documentation by @deronnax in #1036
- Simplify
wrap_file_object
by @mportesdev in #1037 - django_rawsql_used: support keyword arguments used in
RawSQL
by @kevinmarsh in #765 - Avoid gitpyhon CVE-2022-24439 by @carlosduelo in #1048
- Update blacklist call documentation by @costaparas in #1045
- Support ignoring blacklists by name by @costaparas in #1046
- Fix dependabot to update github actions by @ericwb in #1057
- Bump actions/checkout from 3 to 4 by @dependabot in #1058
- Fix for ReadtheDocs build by @ericwb in #1061
- fix(plugins/B507): also detect class instances by @mkniewallner in #1064
- Use mirror repository for black pre-commit hook by @mportesdev in #1070
- Add official support of Python 3.12 by @ericwb in #1068
- Fix crash on pyproject.toml without bandit config by @javajawa in #1073
- refactor: remove
importlib-metadata
fallback by @mkniewallner in #1066 - Fixes for sphinx build by @ericwb in #1063
New Contributors
- @marksmayo made their first contribution in #1015
- @shiftinv made their first contribution in #940
- @Klavionik made their first contribution in #1029
- @deronnax made their first contribution in #1036
- @kevinmarsh made their first contribution in #765
- @carlosduelo made their first contribution in #1048
- @costaparas made their first contribution in #1045
- @dependabot made their first contribution in #1058
- @javajawa made their first contribution in #1073
Full Changelog: 1.7.5...1.7.6
1.7.5
What's Changed
- Add an example screen shot of Bandit to README by @ericwb in #847
- Bad link to screen shot by @ericwb in #848
- Use a constant for weak hashes by @ericwb in #850
- Group location line with code output by @ericwb in #822
- Fix line range using Python 3.8 end_lineno by @ericwb in #821
- Add classifier to indicate Py3 only by @ericwb in #853
- Removal of blacklist call B309 httpsconnection by @ericwb in #858
- Remove blacklist call check for os.tempnam by @ericwb in #859
- Indiciate hash type in message by @ericwb in #860
- Add the httpx module check for verify by @ericwb in #861
- Add doc for hashlib plugin by @ericwb in #862
- Make use of rich for progress bar by @ericwb in #863
- Replace
toml
withtomli
by @mkniewallner in #829 - Fix up B109 and B111 removed plugins docs by @ericwb in #864
- add check for "requests" calls without timeout by @mschfh in #743
- Fix for build breaks in format job by @ericwb in #869
- Add license and contributing links to docs by @ericwb in #867
- Remove redundant word Bandit in titles of sections by @ericwb in #873
- Add request for feedback via 👍 by @ericwb in #871
- Add a Discord link to the docs by @ericwb in #870
- Adding logging.config.listen() plugin with examples by @raj3shp in #874
- Removal of ghugo by @ericwb in #881
- Remove redundant pip line by @ericwb in #884
- Corrected documentation on configuration by @a-takahashi223 in #868
- Start testing against Python 3.11 by @mkniewallner in #887
- Add myself to sponsor list by @ericwb in #885
- Add Discord link to README by @ericwb in #875
- Update action versions in Actions workflows (#890) by @mportesdev in #893
- Add dependency review action by @ericwb in #891
- Fix an unclosed tag in HTML formatter by @mportesdev in #896
- 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @rajaramsrn in #897
- Make small fixes in docs by @mportesdev in #899
- Specify semver range for Python 3.11 by @mportesdev in #901
- Add another bad example of yaml load by @ericwb in #905
- Add releases link in "Version control integration" by @travisjungroth in #909
- Update version of dependency-review-action by @mportesdev in #911
- Avoid redundant message if debug on by @ericwb in #913
- Remove invalid checking on hashlib by @ericwb in #914
- Add some missing curve types by @ericwb in #920
- add jsonpickle deserialization blacklist by @SugarP1g in #707
- Fix reading the number argument from config file by @KAUTH in #923
- Add end_col_offset if available by @ericwb in #851
- Enhancement Proposal: Plugin "assert_used" config-skip snippet by @marianomartinelli in #695
- Blacklist pandas read_pickle and add functional test for it by @jaspersival in #710
- Docs for request without timeout has dead link by @ericwb in #925
- Add case for global exec by @tonybaloney in #570
- Fix a false positive condition yaml_load by @ericwb in #927
- Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape by @kinow in #454
- Adding tarfile.extractall() plugin with examples by @yilmi in #549
- Check for deprecated TLS 1.1 by @ericwb in #928
- weak_cryptographic_key assumes positional arg by @ericwb in #930
- Fix filename of B202 in docs by @mportesdev in #932
- Remove python 2 reference in docs by @ericwb in #933
- Pass correct number of arguments to match the
%s
placeholders. by @mportesdev in #934 - Fixup some invalid pickle testing by @ericwb in #924
- Fix json and yaml formatters to respect num lines by @ericwb in #929
- Fix AttributeError on detect of tuple assign condition by @ericwb in #931
- [docs] Mention
exclude_dirs
option available in TOML and YAML by @bittner in #876 - Typo fix by @PermanAtayev in #945
- remove py2 exec example in docs by @clavedeluna in #947
- Add official Python 3.11 support by @ericwb in #964
- DOC: Add explanation on how to use pre-commit with config file by @phofl in #968
- Fix breaking build due to new tox by @ericwb in #983
- Correct build status badge in README by @gliptak in #980
- Improve detecting SQL injections in f-strings by @kfrydel in #917
- Improve handling nosec for multi-line strings by @kfrydel in #915
- Check for github action updates monthly by @jlosito in #989
- Added a bit more
project_urls
by @KOLANICH in #985
New Contributors
- @mschfh made their first contribution in #743
- @raj3shp made their first contribution in #874
- @a-takahashi223 made their first contribution in #868
- @mportesdev made their first contribution in #893
- @rajaramsrn made their first contribution in #897
- @travisjungroth made their first contribution in #909
- @SugarP1g made their first contribution in #707
- @KAUTH made their first contribution in #923
- @marianomartinelli made their first contribution in #695
- @jaspersival made their first contribution in #710
- @kinow made their first contribution in #454
- @yilmi made their first contribution in #549
- @PermanAtayev made their first contribution in #945
- @clavedeluna made their first contribution in #947
- @phofl made their first contribution in #968
- @gliptak made their first contribution in #980
- @kfrydel made their first contribution in #917
- @jlosito made their first contribution in #989
- @KOLANICH made their first contribution in #985
Full Changelog: 1.7.4...1.7.5
1.7.4
What's Changed
- Fix traceback in hashlib_insecure_functions by @ericwb in #834
- Add version 1.7.3 to dropdown by @ericwb in #833
- core/config: Fix ConfigError missing argument if toml is missing by @Holzhaus in #845
- Add 1.7.4 in issue template by @ericwb in #846
New Contributors
Full Changelog: 1.7.3...1.7.4
1.7.3
What's Changed
- Rely on toml conditionally by @sigmavirus24 in #780
- Update issue template with latest versions by @ericwb in #783
- Delete release-drafter.yml by @ericwb in #781
- Use released version of gh-action-pypi-publish by @ericwb in #784
- Update publish-to-pypi.yml by @ericwb in #785
- Delete releasenotes directory (more openstack leftovers) by @ericwb in #786
- [docs] Add Getting Started chapter (migrate from README) by @bittner in #773
- Including CWE information by @julianthome in #613
- Removal of the CWEMAP dict by @ericwb in #789
- Fix up warnings in output of tox by @ericwb in #793
- Avoid printing metrics as float point numbers by @ericwb in #794
- Add functional test of snmp_security_check by @ericwb in #791
- Disable individual tests by @mikespallino in #597
- Change up how CWE is formatted by @ericwb in #788
- Check value of usedforsecurity for hashlib by @ericwb in #798
- Remove redundant Python 3.6 code by @ericwb in #802
- Add new plugin to check use of pyghmi by @ericwb in #803
- Check for hardcoded passwords in class attributes by @noliverio in #766
- Better hashlib check for Python 3.9 by @ericwb in #805
- Fix references to the default branch name by @ericwb in #810
- Cleanup the README by @ericwb in #809
- Show usage with no arguments by @ericwb in #814
- Respect color environment variables if set by @ericwb in #813
- Cannot seek stdin on pipe by @tylerwince in #496
- Test on operating systems we can support by @ericwb in #804
- Fix up some warnings and errors in docs by @ericwb in #817
- Fix root doc for readthedocs by @ericwb in #818
- Use versioned links to docs by @ericwb in #819
- Use CWE link in HTML formatter by @ericwb in #825
- Improve performance of linerange by @Krock21rus in #629
- Inaccurate message in hashlib check by @ericwb in #827
- Target Python >= 3.7 in pre-commit hooks by @mkniewallner in #830
- Center the bandit logo in readme by @ericwb in #823
- Build of artifact fails if raw directive used by @ericwb in #831
New Contributors
- @bittner made their first contribution in #773
- @julianthome made their first contribution in #613
- @noliverio made their first contribution in #766
- @Krock21rus made their first contribution in #629
Full Changelog: 1.7.2...1.7.3
1.7.2
What's Changed
- Fix broken reported URL link for B107 by @bagerard in #751
- test_help_arg: remove assert on 'optional arguments' by @mikelolasagasti in #752
- Create FUNDING.yml by @ericwb in #774
- Start using auto-formatters by @sigmavirus24 in #754
- Drop end-of-life Python 3.5 by @ericwb in #746
- Drop end-of-life Python 3.6 by @ericwb in #777
- Fixup typo by @spagh-eddie in #769
- Fix README.rst by @stannum-l in #365
- Added snmp_security check plugin for various SNMP checks by @Jed-Giblin in #403
- Remove leftover openstack code by @ericwb in #778
- Correctly define extras in
setup.cfg
by @mkniewallner in #755
New Contributors
- @bagerard made their first contribution in #751
- @mikelolasagasti made their first contribution in #752
- @sigmavirus24 made their first contribution in #754
- @spagh-eddie made their first contribution in #769
- @Jed-Giblin made their first contribution in #403
- @mkniewallner made their first contribution in #755
Full Changelog: 1.7.1...1.7.2