What's Changed
* Incorrect tag naming in readme by lukehinds in https://github.com/PyCQA/bandit/pull/1105
* Utilize PyPI's trusted publishing by ericwb in https://github.com/PyCQA/bandit/pull/1107
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1109
* Add 1.7.7 to versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1110
* Use datetime to avoid updating copyright year by ericwb in https://github.com/PyCQA/bandit/pull/1112
* filter data is safe for tarfile extractall by etienneschalk in https://github.com/PyCQA/bandit/pull/1111
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1115
* [B605] Add functions that are vulnerable to shell injection. by shihai1991 in https://github.com/PyCQA/bandit/pull/1116
* Add a SARIF output formatter by ericwb in https://github.com/PyCQA/bandit/pull/1113
New Contributors
* etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
* shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8