Bump bandit from 1.7.7 to 1.7.8
Bumps bandit from 1.7.7 to 1.7.8.
Release notes
Sourced from bandit's releases.
1.7.8
What's Changed
- Incorrect tag naming in readme by @lukehinds in PyCQA/bandit#1105
- Utilize PyPI's trusted publishing by @ericwb in PyCQA/bandit#1107
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in PyCQA/bandit#1109
- Add 1.7.7 to versions of bug template by @ericwb in PyCQA/bandit#1110
- Use datetime to avoid updating copyright year by @ericwb in PyCQA/bandit#1112
- filter data is safe for tarfile extractall by @etienneschalk in PyCQA/bandit#1111
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in PyCQA/bandit#1115
- [B605] Add functions that are vulnerable to shell injection. by @shihai1991 in PyCQA/bandit#1116
- Add a SARIF output formatter by @ericwb in PyCQA/bandit#1113
New Contributors
- @etienneschalk made their first contribution in PyCQA/bandit#1111
- @shihai1991 made their first contribution in PyCQA/bandit#1116
Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8
Commits
- 22b4226 Add a SARIF output formatter (#1113)
- b603dce [B605] Add functions that are vulnerable to shell injection. (#1116)
- a682a18 Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#1115)
- c8d5f77 filter data is safe for tarfile extractall (#1111)
- e041e12 Use datetime to avoid updating copyright year (#1112)
- 5b16b6a Add 1.7.7 to versions of bug template (#1110)
- 858bfd8 Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1109)
- be5d6ac Utilize PyPI's trusted publishing (#1107)
- c3a07e5 Incorrect tag naming in readme (#1105)
- See full diff in compare view