Changelog for python3-bandit-1.7.6-1.3.noarch.rpm :

* Thu Dec 14 2023 Petr Gajdos - update to 1.7.6:
* Fixes for sphinx build
* refactor: remove `importlib-metadata` fallback
* Fix crash on pyproject.toml without bandit config
* Add official support of Python 3.12
* Use mirror repository for black pre-commit hook
* fix(plugins/B507): also detect class instances
* Fix for ReadtheDocs build
* Bump actions/checkout from 3 to 4
* Fix dependabot to update github actions
* Support ignoring blacklists by name
* Update blacklist call documentation
* Avoid gitpython CVE-2022-24439
* django_rawsql_used: support keyword arguments used in `RawSQL`
* Simplify `wrap_file_object`
* Update asserts.py documentation
* Remove support for Python 3.7 due to end-of-life
* Make pre-commit run Bandit hook using a single process
* Switch from open collective to PSF
* Replace pbr in favor of importlib
* Add a copy button to all code snippets in docs
* Add `random.Random` to B311 checks
* Update pre-commit hooks
* Update versions of used GitHub Actions
* Skip unnecessary `pip install` commands in the pythonpackage.yml workflow
* Switch to tox 4
* Adds check for crypt module usage as weak hash
* language and linting updates
* xmlrpclib replaced with xmlrpc in Python3
* Improper detection of non-requests module
* Remove checks for Python2 urllib
* Render Python 3.10 in drop down correctly
* Update bug report to include version 1.7.5
* Mon Jul 24 2023 Dirk Müller - update to 1.7.5:
* Added a bit more `project_urls`
* Check for github action updates monthly
* Improve handling nosec for multi-line strings
* Improve detecting SQL injections in f-strings
* Correct build status badge in README
* Fix breaking build due to new tox
* DOC: Add explanation on how to use pre-commit with config file
* Add official Python 3.11 support
* remove py2 exec example in docs
* Typo fix
* [docs] Mention `exclude_dirs` option available in TOML and YAML
* Fix AttributeError on detect of tuple assign condition
* Fix json and yaml formatters to respect num lines
* Fixup some invalid pickle testing
* Pass correct number of arguments to match the `%s` placeholders.
* Remove python 2 reference in docs
* Fix filename of B202 in docs
* weak_cryptographic_key assumes positional arg
* Check for deprecated TLS 1.1
* Adding tarfile.extractall() plugin with examples
* Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape
* Fix a false positive condition yaml\\_load
* Add case for global exec
* Docs for request without timeout has dead link
* Blacklist pandas read_pickle and add functional test for it
* Enhancement Proposal: Plugin "assert_used" config-skip snippet
* Add end_col_offset if available
* Fix reading the number argument from config file
* add jsonpickle deserialization blacklist
* Add some missing curve types
* Remove invalid checking on hashlib
* Avoid redundant message if debug on
* Update version of dependency-review-action
* Add releases link in "Version control integration"
* Add another bad example of yaml load
* Specify semver range for Python 3.11
* Make small fixes in docs
* Test plugin listing incorrectly pointing b612 to plugin ref of b1022
* Close the tag in HTML formatter
* Add dependency review action
* Update action versions in Actions workflows (#890)
* Add Discord link to README
* Add myself to sponsor list
* Test against Python 3.11
* Corrected documentation on configuration
* Remove redundant pip line
* Removal of ghugo
* Adding logging.config.listen() plugin with examples
* Add a Discord link to the docs
* Add request for feedback via 👍
* Remove redundant word Bandit in titles of sections
* Add license and contributing links to docs
* Fix for build breaks in format job
* add check for "requests" calls without timeout
* Fix up B109 and B111 removed plugins docs
* Replace \\`toml\\` with \\`tomli\\`
* Make use of rich for the progress bar
* Add doc for hashlib plugin
* Add the httpx module check for verify
* Indicate hash type in message
* Remove blacklist call check for os.tempnam
* Removal of blacklist call B309 httpsconnection
* Add classifier to indicate Py3 only
* Fix line range using Python 3.8 end_lineno
* Group location line with code output
* Use a constant for weak hashes
* Bad link to screen shot
* Add an example screen shot of Bandit to README
* Thu Oct 27 2022 Daniel Garcia - Remove not needed python-six dependency
- Use autosetup instead of setup + patch
- More specific sitelib package in %files
* Wed Mar 16 2022 pgajdos@suse.com - version update to 1.7.4
1.7.4:
* Add 1.7.4 in issue template (#846)
* core/config: Fix ConfigError missing argument if toml is missing (#845)
* Add version 1.7.3 to dropdown (#833)
* Fix traceback in hashlib_insecure_functions (#834)
1.7.3:
* Build of artifact fails if raw directive used (#831)
* Center the bandit logo in readme (#823)
* Target Python >= 3.7 in pre-commit hooks (#830)
* Inaccurate message in hashlib check (#827)
* Improve performance of linerange (#629)
* Use CWE link in HTML formatter (#825)
* Use versioned links to docs (#819)
* Fix root doc for readthedocs (#818)
* Fix up some warnings and errors in docs (#817)
* Test on operating systems we can support (#804)
* Cannot seek stdin on pipe (#496)
* Respect color environment variables if set (#813)
* Show usage with no arguments (#814)
* Cleanup the README
* Fix references to the default branch name (#810)
* Better hashlib check for Python 3.9 (#805)
* Check for hardcoded passwords in class attributes (#766)
* Add new plugin to check use of pyghmi (#803)
* Remove redundant Python 3.6 code (#802)
* Check value of usedforsecurity for hashlib (#798)
* Change up how CWE is formatted (#788)
* Support disabling individual tests
* Add functional test of snmp_security_check (#791)
* Avoid printing metrics as float point numbers (#794)
* Fix up warnings in output of tox (#793)
* Removal of the CWEMAP dict (#789)
* Including CWE information (#613)
* Add Getting Started chapter (migrate from README) (#773)
* Delete releasenotes directory (more openstack leftovers) (#786)
* Update publish-to-pypi.yml (#785)
* Use released version of gh-action-pypi-publish (#784)
* Delete release-drafter.yml (#781)
* Update issue template with latest versions (#783)
* Rely on toml conditionally
* Sun Feb 06 2022 Dirk Müller - update to 1.7.2:
* Correctly define extras in `setup.cfg` (#755)
* Remove leftover openstack code (#778)
* Added snmp_security check plugin for various SNMP checks (#403)
* Fix README.rst (#365)
* Fixup typo (#769)
* Drop end-of-life Python 3.6 (#777)
* Drop end-of-life Python 3.5 (#746)
* Start using auto-formatters (#754)
* Create FUNDING.yml (#774)
* test_help_arg: remove assert on 'optional arguments' (#752)
* Fix broken reported URL link for B107 (#751)
* Sat Jan 15 2022 Dirk Müller - update to 1.7.1:
* fix reading initial values from .bandit
* Always use a Loader in yaml.load
* PEP-518 support: configure bandit via pyproject.toml
* document that random.choices() isn't secure either
* Fix syntax errors in bug report
* Update bug_report.yaml
* Fix syntax error in bug report
* Use new issue template format
* Update README.rst
* Mock part of python 3.x
* Add license to package installation metadata
* #694 Bandit fails when using importlib with named arguments
* Add string options for severity and confidence
* Add support for Python 3.9
* Create config.yml
* Add default labels to issues
* Replace http with https URLs
* More cleanup of license headers
* Updates to address docstring code scan issues, add flake8 configuration
* Small syntax and formatting cleanup
* More complete removal of Python2 code
* Show column offset on all formatters
* Add the column offset to the issue model
* Clearer message for subprocess module use
* Specify language_version in .pre-commit-hooks.yaml
* Specify output_file encoding as utf-8
* Wed Oct 27 2021 pgajdos@suse.com - %check: use %pyunittest rpm macro
- added sources + _multibuild
* Tue Mar 09 2021 Steve Kowalik - Update to 1.7.0:
* Remove blacklist call to input() (#662) @ericwb
* Remove universal support on the wheel (#655) @ericwb
* Give some tips on how to resolve B101 in the doc (#616) @xuhdev
* Don't show progress information on --quiet (#641) @fniessink
* Add skip configuration to assert_used (#633) @wilbertom
* Drop Python2 build, test, and install (#615) @ericwb
* [FIX] blacklist: fix typo in import_ftplib (#601) @Yenthe666
* Resolve 'NoneType' object has no attribute 'id' Traceback in django_mark_safe (#598) @ehooo
* Fix typo for activating venv (#590) @bavedarnow
* Bump pyyaml (#588) @dosisod
* Fix colorama not being disabled after being used (#586) @adambenali
* Cleanup some typos in recent contributor guide (#585) @ericwb
* [DOC] Support python3 venv creation (#583) @look4regev
* Add sha1 to the list of insecure hashes (#561) @ericwb
* Fix docs for B610,B611,B703 (#555) @amacfie
* Add a section explaining "nosec" (#554) @exhuma
* Add official support of Python 3.8 (#547) @ericwb
* Ignore common directories by default (#544) @ericwb
* Add shelve to the pickle blacklists (#542) @auscompgeek
* Remove obsolete "sudo" keyword. (#538) @jugmac00
* Update test requirements to latest versions (#535) @ericwb
* Fix readme file on Extending Bandit on list things (#534) @Aurel10
* fix the documentation file README.rst (#533) @Aurel10
* Cleanup comments after #510 (#532) @florczakraf
* Use SPDX license identifier instead of bulky headers (#530) @ericwb
* fix B603 docstring (#524) @graingert
* Add type checking to name node of hashlib_new (#516) @teeann
* --exit-zero option (#510) @maciejstromich
* Fix 3.8 errors (#509) @tylerwince
* Add several ini options for .bandit file (#508) @vuolter
* get_url returns different urls calling twice (bug #506) (#507) @ehooo
* Replace setattr (#493) @tylerwince
- Refresh remove-non-test-deps.patch
* Sat Feb 13 2021 Dirk Müller - cli tool, don't build with multiple python versions
* Thu Jun 04 2020 Dirk Mueller - drop oslosphinx dependency
 