Bandit

Latest version: v1.8.0


Page 1 of 3

1.8.0

What's Changed
* Bump docker/build-push-action from 6.7.0 to 6.9.0 by dependabot in https://github.com/PyCQA/bandit/pull/1178
* Rename doc file to match proper bandit ID by ericwb in https://github.com/PyCQA/bandit/pull/1183
* Removal of Python 3.8 support by ericwb in https://github.com/PyCQA/bandit/pull/1174
* Add more insecure cryptography cipher algorithms by ericwb in https://github.com/PyCQA/bandit/pull/1185
* Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by dependabot in https://github.com/PyCQA/bandit/pull/1186
* Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by dependabot in https://github.com/PyCQA/bandit/pull/1187
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1162
* No need to check httpx client without timeout defined by ericwb in https://github.com/PyCQA/bandit/pull/1177
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1191
* Mark Python 3.13 as officially supported by ericwb in https://github.com/PyCQA/bandit/pull/1192
* Update project urls with added links by ericwb in https://github.com/PyCQA/bandit/pull/1193
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1196
* Add a JSON to seek funding from the FLOSS/fund by ericwb in https://github.com/PyCQA/bandit/pull/1194
* Remove Sentry as a sponsor by ericwb in https://github.com/PyCQA/bandit/pull/1198
* Remove more leftover OpenStack references by ericwb in https://github.com/PyCQA/bandit/pull/1195


**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.10...1.8.0

1.7.10

What's Changed
* Bump docker/build-push-action from 5.4.0 to 6.0.0 by dependabot in https://github.com/PyCQA/bandit/pull/1147
* Suggested small refactors in assignments by ericwb in https://github.com/PyCQA/bandit/pull/1150
* Performance improvement in blacklist function by ericwb in https://github.com/PyCQA/bandit/pull/1148
* Add test for usage of FTP_TLS by ericwb in https://github.com/PyCQA/bandit/pull/1149
* New check: B113: TrojanSource - Bidirectional control characters by Lucas-C in https://github.com/PyCQA/bandit/pull/757
* Bump docker/build-push-action from 6.0.0 to 6.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1152
* feat(plugins): add support for `httpx` in `B113` by mkniewallner in https://github.com/PyCQA/bandit/pull/1060
* Nit: remove unused variable by ericwb in https://github.com/PyCQA/bandit/pull/1153
* Add recent releases to version choice in bug report by ericwb in https://github.com/PyCQA/bandit/pull/1151
* Bump docker/build-push-action from 6.1.0 to 6.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1155
* Bump docker/build-push-action from 6.2.0 to 6.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1157
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1156
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by dependabot in https://github.com/PyCQA/bandit/pull/1158
* Bump docker/login-action from 3.2.0 to 3.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1159
* Bump docker/build-push-action from 6.3.0 to 6.5.0 by dependabot in https://github.com/PyCQA/bandit/pull/1160
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by dependabot in https://github.com/PyCQA/bandit/pull/1163
* Bump docker/build-push-action from 6.5.0 to 6.6.1 by dependabot in https://github.com/PyCQA/bandit/pull/1166
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by dependabot in https://github.com/PyCQA/bandit/pull/1165
* Bump docker/build-push-action from 6.6.1 to 6.7.0 by dependabot in https://github.com/PyCQA/bandit/pull/1168
* Use consistent file naming of docs by ericwb in https://github.com/PyCQA/bandit/pull/1170
* Pytorch Load / Save Plugin by lukehinds in https://github.com/PyCQA/bandit/pull/1114
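
Two of the checks added in this release look at source text rather than API calls. The Trojan Source plugin (PR 757) reports Unicode bidirectional control characters, which make a file display differently in a bidi-aware editor from how the interpreter tokenises it. The following is an added illustration, not Bandit's plugin code: a minimal scanner for the nine bidi control code points used in the Trojan Source attack, plus a constructed sample in the style of the published "commenting-out" proof of concept. The sample source, its variable names and the function names are this example's own.

```python
# Bidirectional (bidi) control characters abused by Trojan Source
# (Boucher & Anderson, 2021). They change the order in which an editor
# *displays* text without changing the order in which Python *reads* it.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(source: str) -> list[tuple[int, int, str]]:
    """Return (line, column, short name) for every bidi control in source.

    Positions are 1-based, as linters report them. The scan is deliberately
    lexical: a control character anywhere in the file is worth a look, whether
    it sits in a comment, a string literal or next to an identifier.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, BIDI_CONTROLS[ch]))
    return findings


def render_visible(line: str) -> str:
    """Escape bidi controls so a reviewer sees the logical order the parser sees."""
    return "".join(f"\\u{ord(ch):04x}" if ch in BIDI_CONTROLS else ch for ch in line)


# Constructed sample (not real project code). Logically the compared literal is
#   'none' + RLO + LRI + ' # Check if admin ' + PDI + LRI
# which can never equal 'user', so the body of the `if` always runs. Rendered
# by a bidi-aware editor, the controls reorder the display so the line looks
# like a comparison against 'none' followed by an ordinary comment.
SAMPLE = (
    "access_level = 'user'\n"
    "granted = False\n"
    "if access_level != 'none\u202e\u2066 # Check if admin \u2069\u2066':\n"
    "    granted = True\n"
)


def run_sample() -> bool:
    """Execute SAMPLE in an isolated namespace and report whether access was granted."""
    namespace: dict = {}
    # Constructed input defined above, never user-supplied data.
    exec(compile(SAMPLE, "<trojan-sample>", "exec"), namespace)
    return namespace["granted"]


if __name__ == "__main__":
    print("granted:", run_sample())
    lines = SAMPLE.splitlines()
    for lineno, col, name in find_bidi_controls(SAMPLE):
        print(f"<trojan-sample>:{lineno}:{col}: bidi control {name}")
        print("    ", render_visible(lines[lineno - 1]))
```

Run the module and the sample grants access even though the `if` line reads as a comparison against `'none'` with a trailing comment. The scanner's value is in showing where the controls sit and what the parser actually consumes; Bandit's check reports the same characters during a normal scan. Because the test is lexical it also fires on legitimate right-to-left text that uses these controls, so treat a hit as something to review rather than as proof of tampering.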

New Contributors
* Lucas-C made their first contribution in https://github.com/PyCQA/bandit/pull/757

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.9...1.7.10

1.7.9

What's Changed
* Bump docker/build-push-action from 5.1.0 to 5.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1117
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1119
* New logo for Bandit based on raccoon by ericwb in https://github.com/PyCQA/bandit/pull/1121
* Start testing on Python 3.13 by ericwb in https://github.com/PyCQA/bandit/pull/1122
* Bump docker/build-push-action from 5.2.0 to 5.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1123
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1124
* Bump docker/login-action from 3.0.0 to 3.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1125
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1126
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1127
* Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by dependabot in https://github.com/PyCQA/bandit/pull/1130
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1131
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by dependabot in https://github.com/PyCQA/bandit/pull/1132
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1133
* Updates banner logo so it renders well in dark mode by ericwb in https://github.com/PyCQA/bandit/pull/1134
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1135
* Add a sponsor section to README by ericwb in https://github.com/PyCQA/bandit/pull/1137
* Ensure sarif extra is included as part of doc build by ericwb in https://github.com/PyCQA/bandit/pull/1139
* Bump docker/login-action from 3.1.0 to 3.2.0 by dependabot in https://github.com/PyCQA/bandit/pull/1142
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1143
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/PyCQA/bandit/pull/1145
* Guard against empty call argument list by ericwb in https://github.com/PyCQA/bandit/pull/1146
* Bump docker/build-push-action from 5.3.0 to 5.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1144
* Support `configfile` in `.bandit` file by bersbersbers in https://github.com/PyCQA/bandit/pull/1052

New Contributors
* pre-commit-ci made their first contribution in https://github.com/PyCQA/bandit/pull/1119
* bersbersbers made their first contribution in https://github.com/PyCQA/bandit/pull/1052

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

1.7.8

What's Changed
* Incorrect tag naming in readme by lukehinds in https://github.com/PyCQA/bandit/pull/1105
* Utilize PyPI's trusted publishing by ericwb in https://github.com/PyCQA/bandit/pull/1107
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by dependabot in https://github.com/PyCQA/bandit/pull/1109
* Add 1.7.7 to versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1110
* Use datetime to avoid updating copyright year by ericwb in https://github.com/PyCQA/bandit/pull/1112
* filter data is safe for tarfile extractall by etienneschalk in https://github.com/PyCQA/bandit/pull/1111
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by dependabot in https://github.com/PyCQA/bandit/pull/1115
* [B605] Add functions that are vulnerable to shell injection. by shihai1991 in https://github.com/PyCQA/bandit/pull/1116
* Add a SARIF output formatter by ericwb in https://github.com/PyCQA/bandit/pull/1113
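
The tarfile item (PR 1111) means B202 (tarfile_unsafe_members) no longer reports `extractall()` when it is called with `filter="data"`, the standard-library extraction filter from PEP 706 that refuses members escaping the destination. The block below is an added example, not Bandit's code or test data: it builds a constructed archive with a `../` member beside a benign one, shows the manual member validation B202 otherwise expects, and extracts through the data filter where the interpreter supports it. `build_tar`, `escaping_members`, `safe_extractall` and `demo` are names invented here.

```python
import io
import os
import tarfile
import tempfile


def build_tar(entries: dict[str, bytes]) -> io.BytesIO:
    """Build an in-memory tar archive from {member_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def escaping_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Names of members whose extraction path (or link target) lands outside dest.

    This is the manual validation B202 expects around an unfiltered
    extractall(): resolve every destination and require it to stay under dest.
    Absolute names, '..' traversal and links pointing outside all fail.
    """
    dest = os.path.realpath(dest)
    bad = []
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(dest, member.name))
        if os.path.commonpath([dest, target]) != dest:
            bad.append(member.name)
            continue
        if member.issym() or member.islnk():
            # Symlink targets are relative to the link's directory;
            # hard-link targets are relative to the archive root.
            base = os.path.dirname(target) if member.issym() else dest
            link = os.path.realpath(os.path.join(base, member.linkname))
            if os.path.commonpath([dest, link]) != dest:
                bad.append(member.name)
    return bad


def safe_extractall(tar: tarfile.TarFile, dest: str) -> None:
    """Extract only after validation, and through the stdlib 'data' filter where available."""
    bad = escaping_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract members outside {dest}: {bad}")
    if hasattr(tarfile, "data_filter"):
        # Python 3.12+ and the security backports: the filter re-checks paths
        # at extraction time and also rejects device nodes and unsafe links.
        tar.extractall(dest, filter="data")
    else:
        tar.extractall(dest)  # older interpreter: no filter argument, validated above


def demo() -> dict:
    """Extract a malicious and a benign archive; return what was rejected and what landed."""
    malicious = build_tar({"../../outside.txt": b"pwned", "ok.txt": b"fine"})
    benign = build_tar({"docs/readme.txt": b"hello"})
    result = {"rejected": [], "extracted": []}
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=malicious) as tar:
            try:
                safe_extractall(tar, dest)
            except ValueError:
                result["rejected"] = escaping_members(tar, dest)
        with tarfile.open(fileobj=benign) as tar:
            safe_extractall(tar, dest)
        for root, _dirs, files in os.walk(dest):
            for name in files:
                result["extracted"].append(os.path.relpath(os.path.join(root, name), dest))
    return result


if __name__ == "__main__":
    print(demo())
```

The manual check is lexical: it cannot see a symlink that an earlier member of the same archive creates and a later member then writes through, which is exactly the case the stdlib filter handles at extraction time. Prefer `filter="data"` wherever the interpreter offers it and keep the manual validation for the interpreters that predate it; either way the archive is rejected before any member is written.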

New Contributors
* etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
* shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

1.7.7

What's Changed
* Add the new release to bandit versions of bug template by ericwb in https://github.com/PyCQA/bandit/pull/1075
* Bump actions/setup-python from 4 to 5 by dependabot in https://github.com/PyCQA/bandit/pull/1076
* Handle variant in how policy is passed in paramiko by ericwb in https://github.com/PyCQA/bandit/pull/1078
* Flag str.replace as possible sql injection by costaparas in https://github.com/PyCQA/bandit/pull/1044
* defusedxml: Show correct module name by kajinamit in https://github.com/PyCQA/bandit/pull/1081
* Add tidelift to the sponsor funding list by ericwb in https://github.com/PyCQA/bandit/pull/1089
* Create a security policy by ericwb in https://github.com/PyCQA/bandit/pull/1091
* Fix up issues found running Bandit on itself by ericwb in https://github.com/PyCQA/bandit/pull/1093
* Add random.randbytes to blacklist calls by ericwb in https://github.com/PyCQA/bandit/pull/1096
* Prepend ./ for files specified as CLI args by ericwb in https://github.com/PyCQA/bandit/pull/1094
* Rework GitPython dependency to be an extra for bandit-baseline by ericwb in https://github.com/PyCQA/bandit/pull/1099
* Bump actions/dependency-review-action from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1101
* Introduce Official Bandit Images by lukehinds in https://github.com/PyCQA/bandit/pull/1088
* Remove markdown formatting in reStructuredText formatted README by ericwb in https://github.com/PyCQA/bandit/pull/1103
* Downsize the org:repo name by lukehinds in https://github.com/PyCQA/bandit/pull/1104
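
PR 1044 extends B608 (hardcoded SQL expressions) to query strings assembled with `str.replace`. This added example (not from the Bandit project) shows why the pattern is reported: against an in-memory sqlite3 table with constructed rows, a placeholder replaced with attacker-controlled text changes the structure of the query, while the parameterised form returns nothing for the same input. The table contents, function names and payload are all invented here.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[tuple[str, str]]:
    """Query built with str.replace: the value is spliced into SQL text unescaped.

    This is the construction PR 1044 teaches B608 to report. It reads like a
    template, but it is plain string concatenation with a different spelling.
    """
    sql = "SELECT name, role FROM users WHERE name = '__NAME__' ORDER BY name"
    return conn.execute(sql.replace("__NAME__", name)).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[tuple[str, str]]:
    """Parameterised query: the driver passes the value separately from the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY name"
    return conn.execute(sql, (name,)).fetchall()


# Constructed attacker input: closes the quoted literal and appends a tautology,
# so the vulnerable query becomes  ... WHERE name = 'nobody' OR '1'='1' ...
PAYLOAD = "nobody' OR '1'='1"


def demo() -> dict:
    """Run both lookups with an honest name and with the payload."""
    conn = make_db()
    return {
        "honest_vulnerable": lookup_vulnerable(conn, "alice"),
        "honest_safe": lookup_safe(conn, "alice"),
        "payload_vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "payload_safe": lookup_safe(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

B608 is a heuristic that looks for string-building next to SQL keywords, so it also fires on `replace()` calls whose input is trusted. The fix is the same in both cases: pass values as query parameters, which removes the finding along with the bug class.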

New Contributors
* kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

1.7.6

Not secure
What's Changed
* Update bug report to include version 1.7.5 by ericwb in https://github.com/PyCQA/bandit/pull/993
* Render Python 3.10 in drop down correctly by ericwb in https://github.com/PyCQA/bandit/pull/997
* Remove checks for Python2 urllib by ericwb in https://github.com/PyCQA/bandit/pull/999
* Improper detection of non-requests module by ericwb in https://github.com/PyCQA/bandit/pull/1011
* xmlrpclib replaced with xmlrpc in Python3 by ericwb in https://github.com/PyCQA/bandit/pull/1012
* language and linting updates by marksmayo in https://github.com/PyCQA/bandit/pull/1015
* Adds check for crypt module usage as weak hash by ericwb in https://github.com/PyCQA/bandit/pull/1018
* Switch to tox 4 by mportesdev in https://github.com/PyCQA/bandit/pull/1020
* Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by mportesdev in https://github.com/PyCQA/bandit/pull/1021
* Update versions of used GitHub Actions by mportesdev in https://github.com/PyCQA/bandit/pull/1024
* Update pre-commit hooks by mportesdev in https://github.com/PyCQA/bandit/pull/1026
* Add `random.Random` to B311 checks by shiftinv in https://github.com/PyCQA/bandit/pull/940
* Add a copy button to all code snippets in docs by ericwb in https://github.com/PyCQA/bandit/pull/1030
* Replace pbr in favor of importlib by ericwb in https://github.com/PyCQA/bandit/pull/1016
* Switch from open collective to PSF by ericwb in https://github.com/PyCQA/bandit/pull/1031
* Make pre-commit run Bandit hook using a single process by Klavionik in https://github.com/PyCQA/bandit/pull/1029
* Remove support for Python 3.7 due to end-of-life by ericwb in https://github.com/PyCQA/bandit/pull/1034
* Update asserts.py documentation by deronnax in https://github.com/PyCQA/bandit/pull/1036
* Simplify `wrap_file_object` by mportesdev in https://github.com/PyCQA/bandit/pull/1037
* django_rawsql_used: support keyword arguments used in `RawSQL` by kevinmarsh in https://github.com/PyCQA/bandit/pull/765
* Avoid GitPython CVE-2022-24439 by carlosduelo in https://github.com/PyCQA/bandit/pull/1048
* Update blacklist call documentation by costaparas in https://github.com/PyCQA/bandit/pull/1045
* Support ignoring blacklists by name by costaparas in https://github.com/PyCQA/bandit/pull/1046
* Fix dependabot to update github actions by ericwb in https://github.com/PyCQA/bandit/pull/1057
* Bump actions/checkout from 3 to 4 by dependabot in https://github.com/PyCQA/bandit/pull/1058
* Fix for ReadtheDocs build by ericwb in https://github.com/PyCQA/bandit/pull/1061
* fix(plugins/B507): also detect class instances by mkniewallner in https://github.com/PyCQA/bandit/pull/1064
* Use mirror repository for black pre-commit hook by mportesdev in https://github.com/PyCQA/bandit/pull/1070
* Add official support of Python 3.12 by ericwb in https://github.com/PyCQA/bandit/pull/1068
* Fix crash on pyproject.toml without bandit config by javajawa in https://github.com/PyCQA/bandit/pull/1073
* refactor: remove `importlib-metadata` fallback by mkniewallner in https://github.com/PyCQA/bandit/pull/1066
* Fixes for sphinx build by ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors
* marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
* shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
* Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
* deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
* kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
* carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
* costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
* dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
* javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.