Bandit Versions Save

Bandit is a tool designed to find common security issues in Python code.

1.7.8

2 months ago

What's Changed

Incorrect tag naming in readme by @lukehinds in https://github.com/PyCQA/bandit/pull/1105
Utilize PyPI's trusted publishing by @ericwb in https://github.com/PyCQA/bandit/pull/1107
Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1109
Add 1.7.7 to versions of bug template by @ericwb in https://github.com/PyCQA/bandit/pull/1110
Use datetime to avoid updating copyright year by @ericwb in https://github.com/PyCQA/bandit/pull/1112
filter data is safe for tarfile extractall by @etienneschalk in https://github.com/PyCQA/bandit/pull/1111
Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/PyCQA/bandit/pull/1115
[B605] Add functions that are vulnerable to shell injection. by @shihai1991 in https://github.com/PyCQA/bandit/pull/1116
Add a SARIF output formatter by @ericwb in https://github.com/PyCQA/bandit/pull/1113

New Contributors

@etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
@shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

1.7.7

3 months ago

What's Changed

Add the new release to bandit versions of bug template by @ericwb in https://github.com/PyCQA/bandit/pull/1075
Bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/PyCQA/bandit/pull/1076
Handle variant in how policy is passed in paramiko by @ericwb in https://github.com/PyCQA/bandit/pull/1078
Flag str.replace as possible sql injection by @costaparas in https://github.com/PyCQA/bandit/pull/1044
defusedxml: Show correct module name by @kajinamit in https://github.com/PyCQA/bandit/pull/1081
Add tidelift to the sponsor funding list by @ericwb in https://github.com/PyCQA/bandit/pull/1089
Create a security policy by @ericwb in https://github.com/PyCQA/bandit/pull/1091
Fix up issues found running Bandit on itself by @ericwb in https://github.com/PyCQA/bandit/pull/1093
Add random.randbytes to blacklist calls by @ericwb in https://github.com/PyCQA/bandit/pull/1096
Prepend ./ for files specified as CLI args by @ericwb in https://github.com/PyCQA/bandit/pull/1094
Rework GitPython dependency to be an extra for bandit-baseline by @ericwb in https://github.com/PyCQA/bandit/pull/1099
Bump actions/dependency-review-action from 3 to 4 by @dependabot in https://github.com/PyCQA/bandit/pull/1101
Introduce Official Bandit Images by @lukehinds in https://github.com/PyCQA/bandit/pull/1088
Remove markdown formatting in reStructuredText formatted README by @ericwb in https://github.com/PyCQA/bandit/pull/1103
Downsize the org:repo name by @lukehinds in https://github.com/PyCQA/bandit/pull/1104

New Contributors

@kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

1.7.6

5 months ago

What's Changed

Update bug report to include version 1.7.5 by @ericwb in https://github.com/PyCQA/bandit/pull/993
Render Python 3.10 in drop down correctly by @ericwb in https://github.com/PyCQA/bandit/pull/997
Remove checks for Python2 urllib by @ericwb in https://github.com/PyCQA/bandit/pull/999
Improper detection of non-requests module by @ericwb in https://github.com/PyCQA/bandit/pull/1011
xmlrpclib replaced with xmlrpc in Python3 by @ericwb in https://github.com/PyCQA/bandit/pull/1012
language and linting updates by @marksmayo in https://github.com/PyCQA/bandit/pull/1015
Adds check for crypt module usage as weak hash by @ericwb in https://github.com/PyCQA/bandit/pull/1018
Switch to tox 4 by @mportesdev in https://github.com/PyCQA/bandit/pull/1020
Skip unnecessary pip install commands in the pythonpackage.yml workflow by @mportesdev in https://github.com/PyCQA/bandit/pull/1021
Update versions of used GitHub Actions by @mportesdev in https://github.com/PyCQA/bandit/pull/1024
Update pre-commit hooks by @mportesdev in https://github.com/PyCQA/bandit/pull/1026
Add random.Random to B311 checks by @shiftinv in https://github.com/PyCQA/bandit/pull/940
Add a copy button to all code snippets in docs by @ericwb in https://github.com/PyCQA/bandit/pull/1030
Replace pbr in favor of importlib by @ericwb in https://github.com/PyCQA/bandit/pull/1016
Switch from open collective to PSF by @ericwb in https://github.com/PyCQA/bandit/pull/1031
Make pre-commit run Bandit hook using a single process by @Klavionik in https://github.com/PyCQA/bandit/pull/1029
Remove support for Python 3.7 due to end-of-life by @ericwb in https://github.com/PyCQA/bandit/pull/1034
Update asserts.py documentation by @deronnax in https://github.com/PyCQA/bandit/pull/1036
Simplify wrap_file_object by @mportesdev in https://github.com/PyCQA/bandit/pull/1037
django_rawsql_used: support keyword arguments used in RawSQL by @kevinmarsh in https://github.com/PyCQA/bandit/pull/765
Avoid gitpyhon CVE-2022-24439 by @carlosduelo in https://github.com/PyCQA/bandit/pull/1048
Update blacklist call documentation by @costaparas in https://github.com/PyCQA/bandit/pull/1045
Support ignoring blacklists by name by @costaparas in https://github.com/PyCQA/bandit/pull/1046
Fix dependabot to update github actions by @ericwb in https://github.com/PyCQA/bandit/pull/1057
Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/PyCQA/bandit/pull/1058
Fix for ReadtheDocs build by @ericwb in https://github.com/PyCQA/bandit/pull/1061
fix(plugins/B507): also detect class instances by @mkniewallner in https://github.com/PyCQA/bandit/pull/1064
Use mirror repository for black pre-commit hook by @mportesdev in https://github.com/PyCQA/bandit/pull/1070
Add official support of Python 3.12 by @ericwb in https://github.com/PyCQA/bandit/pull/1068
Fix crash on pyproject.toml without bandit config by @javajawa in https://github.com/PyCQA/bandit/pull/1073
refactor: remove importlib-metadata fallback by @mkniewallner in https://github.com/PyCQA/bandit/pull/1066
Fixes for sphinx build by @ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors

@marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
@shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
@Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
@deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
@kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
@carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
@costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
@dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
@javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

1.7.5

1 year ago

What's Changed

Add an example screen shot of Bandit to README by @ericwb in https://github.com/PyCQA/bandit/pull/847
Bad link to screen shot by @ericwb in https://github.com/PyCQA/bandit/pull/848
Use a constant for weak hashes by @ericwb in https://github.com/PyCQA/bandit/pull/850
Group location line with code output by @ericwb in https://github.com/PyCQA/bandit/pull/822
Fix line range using Python 3.8 end_lineno by @ericwb in https://github.com/PyCQA/bandit/pull/821
Add classifier to indicate Py3 only by @ericwb in https://github.com/PyCQA/bandit/pull/853
Removal of blacklist call B309 httpsconnection by @ericwb in https://github.com/PyCQA/bandit/pull/858
Remove blacklist call check for os.tempnam by @ericwb in https://github.com/PyCQA/bandit/pull/859
Indiciate hash type in message by @ericwb in https://github.com/PyCQA/bandit/pull/860
Add the httpx module check for verify by @ericwb in https://github.com/PyCQA/bandit/pull/861
Add doc for hashlib plugin by @ericwb in https://github.com/PyCQA/bandit/pull/862
Make use of rich for progress bar by @ericwb in https://github.com/PyCQA/bandit/pull/863
Replace toml with tomli by @mkniewallner in https://github.com/PyCQA/bandit/pull/829
Fix up B109 and B111 removed plugins docs by @ericwb in https://github.com/PyCQA/bandit/pull/864
add check for "requests" calls without timeout by @mschfh in https://github.com/PyCQA/bandit/pull/743
Fix for build breaks in format job by @ericwb in https://github.com/PyCQA/bandit/pull/869
Add license and contributing links to docs by @ericwb in https://github.com/PyCQA/bandit/pull/867
Remove redundant word Bandit in titles of sections by @ericwb in https://github.com/PyCQA/bandit/pull/873
Add request for feedback via 👍 by @ericwb in https://github.com/PyCQA/bandit/pull/871
Add a Discord link to the docs by @ericwb in https://github.com/PyCQA/bandit/pull/870
Adding logging.config.listen() plugin with examples by @raj3shp in https://github.com/PyCQA/bandit/pull/874
Removal of ghugo by @ericwb in https://github.com/PyCQA/bandit/pull/881
Remove redundant pip line by @ericwb in https://github.com/PyCQA/bandit/pull/884
Corrected documentation on configuration by @a-takahashi223 in https://github.com/PyCQA/bandit/pull/868
Start testing against Python 3.11 by @mkniewallner in https://github.com/PyCQA/bandit/pull/887
Add myself to sponsor list by @ericwb in https://github.com/PyCQA/bandit/pull/885
Add Discord link to README by @ericwb in https://github.com/PyCQA/bandit/pull/875
Update action versions in Actions workflows (#890) by @mportesdev in https://github.com/PyCQA/bandit/pull/893
Add dependency review action by @ericwb in https://github.com/PyCQA/bandit/pull/891
Fix an unclosed tag in HTML formatter by @mportesdev in https://github.com/PyCQA/bandit/pull/896
'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @rajaramsrn in https://github.com/PyCQA/bandit/pull/897
Make small fixes in docs by @mportesdev in https://github.com/PyCQA/bandit/pull/899
Specify semver range for Python 3.11 by @mportesdev in https://github.com/PyCQA/bandit/pull/901
Add another bad example of yaml load by @ericwb in https://github.com/PyCQA/bandit/pull/905
Add releases link in "Version control integration" by @travisjungroth in https://github.com/PyCQA/bandit/pull/909
Update version of dependency-review-action by @mportesdev in https://github.com/PyCQA/bandit/pull/911
Avoid redundant message if debug on by @ericwb in https://github.com/PyCQA/bandit/pull/913
Remove invalid checking on hashlib by @ericwb in https://github.com/PyCQA/bandit/pull/914
Add some missing curve types by @ericwb in https://github.com/PyCQA/bandit/pull/920
add jsonpickle deserialization blacklist by @SugarP1g in https://github.com/PyCQA/bandit/pull/707
Fix reading the number argument from config file by @KAUTH in https://github.com/PyCQA/bandit/pull/923
Add end_col_offset if available by @ericwb in https://github.com/PyCQA/bandit/pull/851
Enhancement Proposal: Plugin "assert_used" config-skip snippet by @marianomartinelli in https://github.com/PyCQA/bandit/pull/695
Blacklist pandas read_pickle and add functional test for it by @jaspersival in https://github.com/PyCQA/bandit/pull/710
Docs for request without timeout has dead link by @ericwb in https://github.com/PyCQA/bandit/pull/925
Add case for global exec by @tonybaloney in https://github.com/PyCQA/bandit/pull/570
Fix a false positive condition yaml_load by @ericwb in https://github.com/PyCQA/bandit/pull/927
Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape by @kinow in https://github.com/PyCQA/bandit/pull/454
Adding tarfile.extractall() plugin with examples by @yilmi in https://github.com/PyCQA/bandit/pull/549
Check for deprecated TLS 1.1 by @ericwb in https://github.com/PyCQA/bandit/pull/928
weak_cryptographic_key assumes positional arg by @ericwb in https://github.com/PyCQA/bandit/pull/930
Fix filename of B202 in docs by @mportesdev in https://github.com/PyCQA/bandit/pull/932
Remove python 2 reference in docs by @ericwb in https://github.com/PyCQA/bandit/pull/933
Pass correct number of arguments to match the %s placeholders. by @mportesdev in https://github.com/PyCQA/bandit/pull/934
Fixup some invalid pickle testing by @ericwb in https://github.com/PyCQA/bandit/pull/924
Fix json and yaml formatters to respect num lines by @ericwb in https://github.com/PyCQA/bandit/pull/929
Fix AttributeError on detect of tuple assign condition by @ericwb in https://github.com/PyCQA/bandit/pull/931
[docs] Mention exclude_dirs option available in TOML and YAML by @bittner in https://github.com/PyCQA/bandit/pull/876
Typo fix by @PermanAtayev in https://github.com/PyCQA/bandit/pull/945
remove py2 exec example in docs by @clavedeluna in https://github.com/PyCQA/bandit/pull/947
Add official Python 3.11 support by @ericwb in https://github.com/PyCQA/bandit/pull/964
DOC: Add explanation on how to use pre-commit with config file by @phofl in https://github.com/PyCQA/bandit/pull/968
Fix breaking build due to new tox by @ericwb in https://github.com/PyCQA/bandit/pull/983
Correct build status badge in README by @gliptak in https://github.com/PyCQA/bandit/pull/980
Improve detecting SQL injections in f-strings by @kfrydel in https://github.com/PyCQA/bandit/pull/917
Improve handling nosec for multi-line strings by @kfrydel in https://github.com/PyCQA/bandit/pull/915
Check for github action updates monthly by @jlosito in https://github.com/PyCQA/bandit/pull/989
Added a bit more project_urls by @KOLANICH in https://github.com/PyCQA/bandit/pull/985

New Contributors

@mschfh made their first contribution in https://github.com/PyCQA/bandit/pull/743
@raj3shp made their first contribution in https://github.com/PyCQA/bandit/pull/874
@a-takahashi223 made their first contribution in https://github.com/PyCQA/bandit/pull/868
@mportesdev made their first contribution in https://github.com/PyCQA/bandit/pull/893
@rajaramsrn made their first contribution in https://github.com/PyCQA/bandit/pull/897
@travisjungroth made their first contribution in https://github.com/PyCQA/bandit/pull/909
@SugarP1g made their first contribution in https://github.com/PyCQA/bandit/pull/707
@KAUTH made their first contribution in https://github.com/PyCQA/bandit/pull/923
@marianomartinelli made their first contribution in https://github.com/PyCQA/bandit/pull/695
@jaspersival made their first contribution in https://github.com/PyCQA/bandit/pull/710
@kinow made their first contribution in https://github.com/PyCQA/bandit/pull/454
@yilmi made their first contribution in https://github.com/PyCQA/bandit/pull/549
@PermanAtayev made their first contribution in https://github.com/PyCQA/bandit/pull/945
@clavedeluna made their first contribution in https://github.com/PyCQA/bandit/pull/947
@phofl made their first contribution in https://github.com/PyCQA/bandit/pull/968
@gliptak made their first contribution in https://github.com/PyCQA/bandit/pull/980
@kfrydel made their first contribution in https://github.com/PyCQA/bandit/pull/917
@jlosito made their first contribution in https://github.com/PyCQA/bandit/pull/989
@KOLANICH made their first contribution in https://github.com/PyCQA/bandit/pull/985

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5

1.7.4

2 years ago

What's Changed

Fix traceback in hashlib_insecure_functions by @ericwb in https://github.com/PyCQA/bandit/pull/834
Add version 1.7.3 to dropdown by @ericwb in https://github.com/PyCQA/bandit/pull/833
core/config: Fix ConfigError missing argument if toml is missing by @Holzhaus in https://github.com/PyCQA/bandit/pull/845
Add 1.7.4 in issue template by @ericwb in https://github.com/PyCQA/bandit/pull/846

New Contributors

@Holzhaus made their first contribution in https://github.com/PyCQA/bandit/pull/845

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.3...1.7.4

1.7.3

2 years ago

What's Changed

Rely on toml conditionally by @sigmavirus24 in https://github.com/PyCQA/bandit/pull/780
Update issue template with latest versions by @ericwb in https://github.com/PyCQA/bandit/pull/783
Delete release-drafter.yml by @ericwb in https://github.com/PyCQA/bandit/pull/781
Use released version of gh-action-pypi-publish by @ericwb in https://github.com/PyCQA/bandit/pull/784
Update publish-to-pypi.yml by @ericwb in https://github.com/PyCQA/bandit/pull/785
Delete releasenotes directory (more openstack leftovers) by @ericwb in https://github.com/PyCQA/bandit/pull/786
[docs] Add Getting Started chapter (migrate from README) by @bittner in https://github.com/PyCQA/bandit/pull/773
Including CWE information by @julianthome in https://github.com/PyCQA/bandit/pull/613
Removal of the CWEMAP dict by @ericwb in https://github.com/PyCQA/bandit/pull/789
Fix up warnings in output of tox by @ericwb in https://github.com/PyCQA/bandit/pull/793
Avoid printing metrics as float point numbers by @ericwb in https://github.com/PyCQA/bandit/pull/794
Add functional test of snmp_security_check by @ericwb in https://github.com/PyCQA/bandit/pull/791
Disable individual tests by @mikespallino in https://github.com/PyCQA/bandit/pull/597
Change up how CWE is formatted by @ericwb in https://github.com/PyCQA/bandit/pull/788
Check value of usedforsecurity for hashlib by @ericwb in https://github.com/PyCQA/bandit/pull/798
Remove redundant Python 3.6 code by @ericwb in https://github.com/PyCQA/bandit/pull/802
Add new plugin to check use of pyghmi by @ericwb in https://github.com/PyCQA/bandit/pull/803
Check for hardcoded passwords in class attributes by @noliverio in https://github.com/PyCQA/bandit/pull/766
Better hashlib check for Python 3.9 by @ericwb in https://github.com/PyCQA/bandit/pull/805
Fix references to the default branch name by @ericwb in https://github.com/PyCQA/bandit/pull/810
Cleanup the README by @ericwb in https://github.com/PyCQA/bandit/pull/809
Show usage with no arguments by @ericwb in https://github.com/PyCQA/bandit/pull/814
Respect color environment variables if set by @ericwb in https://github.com/PyCQA/bandit/pull/813
Cannot seek stdin on pipe by @tylerwince in https://github.com/PyCQA/bandit/pull/496
Test on operating systems we can support by @ericwb in https://github.com/PyCQA/bandit/pull/804
Fix up some warnings and errors in docs by @ericwb in https://github.com/PyCQA/bandit/pull/817
Fix root doc for readthedocs by @ericwb in https://github.com/PyCQA/bandit/pull/818
Use versioned links to docs by @ericwb in https://github.com/PyCQA/bandit/pull/819
Use CWE link in HTML formatter by @ericwb in https://github.com/PyCQA/bandit/pull/825
Improve performance of linerange by @Krock21rus in https://github.com/PyCQA/bandit/pull/629
Inaccurate message in hashlib check by @ericwb in https://github.com/PyCQA/bandit/pull/827
Target Python >= 3.7 in pre-commit hooks by @mkniewallner in https://github.com/PyCQA/bandit/pull/830
Center the bandit logo in readme by @ericwb in https://github.com/PyCQA/bandit/pull/823
Build of artifact fails if raw directive used by @ericwb in https://github.com/PyCQA/bandit/pull/831

New Contributors

@bittner made their first contribution in https://github.com/PyCQA/bandit/pull/773
@julianthome made their first contribution in https://github.com/PyCQA/bandit/pull/613
@noliverio made their first contribution in https://github.com/PyCQA/bandit/pull/766
@Krock21rus made their first contribution in https://github.com/PyCQA/bandit/pull/629

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3

1.7.2

2 years ago

What's Changed

Fix broken reported URL link for B107 by @bagerard in https://github.com/PyCQA/bandit/pull/751
test_help_arg: remove assert on 'optional arguments' by @mikelolasagasti in https://github.com/PyCQA/bandit/pull/752
Create FUNDING.yml by @ericwb in https://github.com/PyCQA/bandit/pull/774
Start using auto-formatters by @sigmavirus24 in https://github.com/PyCQA/bandit/pull/754
Drop end-of-life Python 3.5 by @ericwb in https://github.com/PyCQA/bandit/pull/746
Drop end-of-life Python 3.6 by @ericwb in https://github.com/PyCQA/bandit/pull/777
Fixup typo by @spagh-eddie in https://github.com/PyCQA/bandit/pull/769
Fix README.rst by @stannum-l in https://github.com/PyCQA/bandit/pull/365
Added snmp_security check plugin for various SNMP checks by @Jed-Giblin in https://github.com/PyCQA/bandit/pull/403
Remove leftover openstack code by @ericwb in https://github.com/PyCQA/bandit/pull/778
Correctly define extras in setup.cfg by @mkniewallner in https://github.com/PyCQA/bandit/pull/755

New Contributors

@bagerard made their first contribution in https://github.com/PyCQA/bandit/pull/751
@mikelolasagasti made their first contribution in https://github.com/PyCQA/bandit/pull/752
@sigmavirus24 made their first contribution in https://github.com/PyCQA/bandit/pull/754
@spagh-eddie made their first contribution in https://github.com/PyCQA/bandit/pull/769
@Jed-Giblin made their first contribution in https://github.com/PyCQA/bandit/pull/403
@mkniewallner made their first contribution in https://github.com/PyCQA/bandit/pull/755

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.1...1.7.2

1.7.1

2 years ago

What's Changed

Specify output_file encoding as utf-8 by @Brcrwilliams in https://github.com/PyCQA/bandit/pull/364
Specify language_version in .pre-commit-hooks.yaml by @jdufresne in https://github.com/PyCQA/bandit/pull/670
Clearer message for subprocess module use by @ericwb in https://github.com/PyCQA/bandit/pull/667
Add the column offset to the issue model by @tonybaloney in https://github.com/PyCQA/bandit/pull/618
Show column offset on all formatters by @ericwb in https://github.com/PyCQA/bandit/pull/673
More complete removal of Python2 code by @ericwb in https://github.com/PyCQA/bandit/pull/674
Small syntax and formatting cleanup by @ericwb in https://github.com/PyCQA/bandit/pull/676
Updates to address docstring code scan issues, add flake8 configuration by @asears in https://github.com/PyCQA/bandit/pull/671
More cleanup of license headers by @ericwb in https://github.com/PyCQA/bandit/pull/679
Replace http with https URLs by @ericwb in https://github.com/PyCQA/bandit/pull/680
Add default labels to issues by @ericwb in https://github.com/PyCQA/bandit/pull/681
Prevent creation of blank issues by @ericwb in https://github.com/PyCQA/bandit/pull/682
Include the line number when using HTML output format by @aludwin1 in https://github.com/PyCQA/bandit/pull/683
Add support for Python 3.9 by @ericwb in https://github.com/PyCQA/bandit/pull/650
Add numeric options for severity and confidence by @nathanstocking in https://github.com/PyCQA/bandit/pull/702
#694 Bandit fails when using importlib with named arguments by @maciejstromich in https://github.com/PyCQA/bandit/pull/701
Add license to package installation metadata by @RobbeSneyders in https://github.com/PyCQA/bandit/pull/705
Mock part of python 3.x by @ericwb in https://github.com/PyCQA/bandit/pull/685
Remove statement about Py3 by @ericwb in https://github.com/PyCQA/bandit/pull/713
Use new issue template format by @ericwb in https://github.com/PyCQA/bandit/pull/717
Fix syntax error in bug report by @ericwb in https://github.com/PyCQA/bandit/pull/718
Remove steps in reproduce section by @ericwb in https://github.com/PyCQA/bandit/pull/719
Fix syntax errors in bug report by @ericwb in https://github.com/PyCQA/bandit/pull/720
document that random.choices() isn't secure either by @taybin in https://github.com/PyCQA/bandit/pull/728
PEP-518 support: configure bandit via pyproject.toml by @orsinium in https://github.com/PyCQA/bandit/pull/401
Always use a Loader in yaml.load by @ericwb in https://github.com/PyCQA/bandit/pull/745
fix reading initial values from .bandit by @alipqb in https://github.com/PyCQA/bandit/pull/722

New Contributors

@Brcrwilliams made their first contribution in https://github.com/PyCQA/bandit/pull/364
@jdufresne made their first contribution in https://github.com/PyCQA/bandit/pull/670
@tonybaloney made their first contribution in https://github.com/PyCQA/bandit/pull/618
@asears made their first contribution in https://github.com/PyCQA/bandit/pull/671
@aludwin1 made their first contribution in https://github.com/PyCQA/bandit/pull/683
@nathanstocking made their first contribution in https://github.com/PyCQA/bandit/pull/702
@RobbeSneyders made their first contribution in https://github.com/PyCQA/bandit/pull/705
@taybin made their first contribution in https://github.com/PyCQA/bandit/pull/728
@orsinium made their first contribution in https://github.com/PyCQA/bandit/pull/401
@alipqb made their first contribution in https://github.com/PyCQA/bandit/pull/722

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1

1.7.0

3 years ago

What's Changed

Use GitHub Action badge for build by @ericwb in https://github.com/PyCQA/bandit/pull/651
Remove universal support on the wheel by @ericwb in https://github.com/PyCQA/bandit/pull/655
Give some tips on how to resolve B101 in the doc by @xuhdev in https://github.com/PyCQA/bandit/pull/616
Remove blacklist call to input() by @ericwb in https://github.com/PyCQA/bandit/pull/662
Create CODEOWNERS by @ericwb in https://github.com/PyCQA/bandit/pull/661

New Contributors

@xuhdev made their first contribution in https://github.com/PyCQA/bandit/pull/616

Full Changelog: https://github.com/PyCQA/bandit/compare/1.6.3...1.7.0

1.6.3

3 years ago

What's Changed

Replace setattr by @tylerwince in https://github.com/PyCQA/bandit/pull/493
Fix 3.8 errors by @tylerwince in https://github.com/PyCQA/bandit/pull/509
get_url returns different urls calling twice (bug #506) by @ehooo in https://github.com/PyCQA/bandit/pull/507
fix B603 docstring by @graingert in https://github.com/PyCQA/bandit/pull/524
--exit-zero option by @maciejstromich in https://github.com/PyCQA/bandit/pull/510
fix the documentation file README.rst by @MrDolev in https://github.com/PyCQA/bandit/pull/533
Cleanup comments after #510 by @florczakraf in https://github.com/PyCQA/bandit/pull/532
Update test requirements to latest versions by @ericwb in https://github.com/PyCQA/bandit/pull/535
Remove obsolete "sudo" keyword. by @jugmac00 in https://github.com/PyCQA/bandit/pull/538
Remove unused bindep.txt file by @ericwb in https://github.com/PyCQA/bandit/pull/539
Revert "Revert "Update python documentation links for version 3 counterparts"" by @ericwb in https://github.com/PyCQA/bandit/pull/540
Add several ini options for .bandit file by @vuolter in https://github.com/PyCQA/bandit/pull/508
Add type checking to name node of hashlib_new by @teeann in https://github.com/PyCQA/bandit/pull/516
Add more missing ini options by @ericwb in https://github.com/PyCQA/bandit/pull/541
Add shelve to the pickle blacklists by @auscompgeek in https://github.com/PyCQA/bandit/pull/542
Fix readme file on Extending Bandit on list things by @MrDolev in https://github.com/PyCQA/bandit/pull/534
Add official support of Python 3.8 by @ericwb in https://github.com/PyCQA/bandit/pull/547
update README to add info about badge by @zachvalenta in https://github.com/PyCQA/bandit/pull/482
Fix docs for B610,B611,B703 by @amacfie in https://github.com/PyCQA/bandit/pull/555
Use SPDX license identifier instead of bulky headers by @ericwb in https://github.com/PyCQA/bandit/pull/530
Add a section explaining "nosec" by @exhuma in https://github.com/PyCQA/bandit/pull/554
replace 'then' with 'than' by @pwoolvett in https://github.com/PyCQA/bandit/pull/557
Add sha1 to the list of insecure hashes by @ericwb in https://github.com/PyCQA/bandit/pull/561
Use GitHub Actions to run CI by @ericwb in https://github.com/PyCQA/bandit/pull/565
Ignore common directories by default by @ericwb in https://github.com/PyCQA/bandit/pull/544
Add push and pull request to GH Action trigger by @ericwb in https://github.com/PyCQA/bandit/pull/567
Add contributing file by @Glyphack in https://github.com/PyCQA/bandit/pull/572
Fix contributing typo by @Glyphack in https://github.com/PyCQA/bandit/pull/582
[DOC] Support python3 venv creation by @look4regev in https://github.com/PyCQA/bandit/pull/583
Cleanup some typos in recent contributor guide by @ericwb in https://github.com/PyCQA/bandit/pull/585
Fix colorama not being disabled after being used by @adambenali in https://github.com/PyCQA/bandit/pull/586
Fix typo for activating venv by @bavedarnow in https://github.com/PyCQA/bandit/pull/590
Bump pyyaml by @dosisod in https://github.com/PyCQA/bandit/pull/588
Update CODE_OF_CONDUCT.md by @ericwb in https://github.com/PyCQA/bandit/pull/591
Resolve 'NoneType' object has no attribute 'id'Traceback in django_mark_safe by @ehooo in https://github.com/PyCQA/bandit/pull/598
[FIX] blacklist: fix typo in import_ftplib by @Yenthe666 in https://github.com/PyCQA/bandit/pull/601
Add release notes project URL by @scop in https://github.com/PyCQA/bandit/pull/610
Drop Python2 build, test, and install by @ericwb in https://github.com/PyCQA/bandit/pull/615
Fix # noqa rendering in docs by @DrGFreeman in https://github.com/PyCQA/bandit/pull/645
Don't show progress information on --quiet by @fniessink in https://github.com/PyCQA/bandit/pull/641
Add skip configuration to assert_used by @wilbertom in https://github.com/PyCQA/bandit/pull/633
GitHub Action to publish to Test PyPI by @ericwb in https://github.com/PyCQA/bandit/pull/652
Add workflow to publish to PyPI by @ericwb in https://github.com/PyCQA/bandit/pull/653

New Contributors

@graingert made their first contribution in https://github.com/PyCQA/bandit/pull/524
@MrDolev made their first contribution in https://github.com/PyCQA/bandit/pull/533
@florczakraf made their first contribution in https://github.com/PyCQA/bandit/pull/532
@jugmac00 made their first contribution in https://github.com/PyCQA/bandit/pull/538
@vuolter made their first contribution in https://github.com/PyCQA/bandit/pull/508
@teeann made their first contribution in https://github.com/PyCQA/bandit/pull/516
@auscompgeek made their first contribution in https://github.com/PyCQA/bandit/pull/542
@zachvalenta made their first contribution in https://github.com/PyCQA/bandit/pull/482
@amacfie made their first contribution in https://github.com/PyCQA/bandit/pull/555
@exhuma made their first contribution in https://github.com/PyCQA/bandit/pull/554
@pwoolvett made their first contribution in https://github.com/PyCQA/bandit/pull/557
@Glyphack made their first contribution in https://github.com/PyCQA/bandit/pull/572
@look4regev made their first contribution in https://github.com/PyCQA/bandit/pull/583
@adambenali made their first contribution in https://github.com/PyCQA/bandit/pull/586
@bavedarnow made their first contribution in https://github.com/PyCQA/bandit/pull/590
@dosisod made their first contribution in https://github.com/PyCQA/bandit/pull/588
@Yenthe666 made their first contribution in https://github.com/PyCQA/bandit/pull/601
@scop made their first contribution in https://github.com/PyCQA/bandit/pull/610
@DrGFreeman made their first contribution in https://github.com/PyCQA/bandit/pull/645
@fniessink made their first contribution in https://github.com/PyCQA/bandit/pull/641
@wilbertom made their first contribution in https://github.com/PyCQA/bandit/pull/633

Full Changelog: https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3