Hello community,

here is the log from the commit of package python-bandit for openSUSE:Factory 
checked in at 2023-07-27 16:50:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-bandit (Old)
 and      /work/SRC/openSUSE:Factory/.python-bandit.new.32662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-bandit"

Thu Jul 27 16:50:52 2023 rev:13 rq:1100808 version:1.7.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-bandit/python-bandit.changes      
2022-10-27 13:55:26.800957527 +0200
+++ /work/SRC/openSUSE:Factory/.python-bandit.new.32662/python-bandit.changes   
2023-07-27 16:51:19.761990842 +0200
@@ -1,0 +2,79 @@
+Mon Jul 24 20:22:50 UTC 2023 - Dirk Müller <dmuel...@suse.com>
+
+- update to 1.7.5:
+  * Added a bit more \`project\_urls\`
+  * Check for github action updates monthly
+  * Improve handling nosec for multi-line strings
+  * Improve detecting SQL injections in f-strings
+  * Correct build status badge in README
+  * Fix breaking build due to new tox
+  * DOC: Add explanation on how to use pre-commit with config
+    file
+  * Add official Python 3.11 support
+  * remove py2 exec example in docs
+  * Typo fix
+  * [docs] Mention \`exclude\_dirs\` option available in TOML and
+    YAML
+  * Fix AttributeError on detect of tuple assign condition
+  * Fix json and yaml formatters to respect num lines
+  * Fixup some invalid pickle testing
+  * Pass correct number of arguments to match the \`%s\`
+    placeholders.
+  * Remove python 2 reference in docs
+  * Fix filename of B202 in docs
+  * weak\_cryptographic\_key assumes positional arg
+  * Check for deprecated TLS 1.1
+  * Adding tarfile.extractall() plugin with examples
+  * Fix issue #453 jinja2 template select\_autoescape when using
+    jinja2.select\_autoescape
+  * Fix a false positive condition yaml\_load
+  * Add case for global exec
+  * Docs for request without timeout has dead link
+  * Blacklist pandas read\_pickle and add functional test for it
+  * Enhancement Proposal: Plugin "assert\_used" config-skip
+    snippet
+  * Add end\_col\_offset if available
+  * Fix reading the number argument from config file
+  * add jsonpickle deserialization blacklist
+  * Add some missing curve types
+  * Remove invalid checking on hashlib
+  * Avoid redundant message if debug on
+  * Update version of dependency-review-action
+  * Add releases link in "Version control integration"
+  * Add another bad example of yaml load
+  * Specify semver range for Python 3.11
+  * Make small fixes in docs
+  * Test plugin listing incorrectly pointing b612 to plugin ref
+    of b1022
+  * Close the <b> tag in HTML formatter
+  * Add dependency review action
+  * Update action versions in Actions workflows (#890)
+  * Add Discord link to README
+  * Add myself to sponsor list
+  * Test against Python 3.11
+  * Corrected documentation on configuration
+  * Remove redundant pip line
+  * Removal of ghugo
+  * Adding logging.config.listen() plugin with examples
+  * Add a Discord link to the docs
+  * Add request for feedback via 👍
+  * Remove redundant word Bandit in titles of sections
+  * Add license and contributing links to docs
+  * Fix for build breaks in format job
+  * add check for "requests" calls without timeout
+  * Fix up B109 and B111 removed plugins docs
+  * Replace \`toml\` with \`tomli\`
+  * Make use of rich for the progress bar
+  * Add doc for hashlib plugin
+  * Add the httpx module check for verify
+  * Indiciate hash type in message
+  * Remove blacklist call check for os.tempnam
+  * Removal of blacklist call B309 httpsconnection
+  * Add classifier to indicate Py3 only
+  * Fix line range using Python 3.8 end\_lineno
+  * Group location line with code output
+  * Use a constant for weak hashes
+  * Bad link to screen shot
+  * Add an example screen shot of Bandit to README
+
+-------------------------------------------------------------------
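
Review bot: The "update to 1.7.5" entry pastes the upstream release notes unfiltered, so the items that change what the scanner reports are buried among housekeeping lines such as "Add myself to sponsor list", "Add Discord link to README" and "Correct build status badge in README". Consider trimming the list to the behaviour-relevant entries (the new checks for "requests" calls without timeout, tarfile.extractall(), logging.config.listen() and deprecated TLS 1.1, the pandas read_pickle and jsonpickle blacklists, the nosec and f-string SQL injection improvements) plus the dependency changes (toml replaced by tomli, rich for the progress bar), since users running Bandit in CI will see new findings after this update. The pasted text also keeps markdown escapes ("\_", "\`") and the typo "Indiciate", which should be cleaned up in a plain-text .changes file.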

Old:
----
  bandit-1.7.4.tar.gz

New:
----
  bandit-1.7.5.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-bandit.spec ++++++
--- /var/tmp/diff_new_pack.1ep9os/_old  2023-07-27 16:51:20.637995791 +0200
+++ /var/tmp/diff_new_pack.1ep9os/_new  2023-07-27 16:51:20.649995859 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package python-bandit
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
 %define pythons python3
 %bcond_without  builddocs
 Name:           python-bandit
-Version:        1.7.4
+Version:        1.7.5
 Release:        0
 Summary:        Security oriented static analyser for Python code
 License:        Apache-2.0
@@ -40,9 +40,12 @@
 BuildRequires:  python-rpm-macros
 Requires:       python-GitPython >= 1.0.1
 Requires:       python-PyYAML >= 5.3.1
+Requires:       python-rich
 Requires:       python-stestr >= 1.0.0
 Requires:       python-stevedore >= 1.20.0
-Requires:       python-toml
+%if %{python_version_nodots} < 311
+Requires:       python-tomli
+%endif
 Requires(post): update-alternatives
 Requires(postun):update-alternatives
 BuildArch:      noarch
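
Review bot: The new "Requires: python-tomli" and "Requires: python-rich" lines carry no version bounds, although the refreshed remove-non-test-deps.patch in this same submission shows upstream declaring tomli>=1.1.0;python_version<"3.11". Suggest "Requires: python-tomli >= 1.1.0" inside the %if block so the runtime requirement matches the bound upstream declares, and checking upstream's requirements for a minimum rich version as well; the neighbouring Requires lines (GitPython, PyYAML, stestr, stevedore) all state a lower bound.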

++++++ bandit-1.7.4.tar.gz -> bandit-1.7.5.tar.gz ++++++
++++ 3889 lines of diff (skipped)

++++++ remove-non-test-deps.patch ++++++
--- /var/tmp/diff_new_pack.1ep9os/_old  2023-07-27 16:51:20.965997645 +0200
+++ /var/tmp/diff_new_pack.1ep9os/_new  2023-07-27 16:51:20.969997667 +0200
@@ -1,7 +1,7 @@
-Index: bandit-1.7.2/test-requirements.txt
+Index: bandit-1.7.5/test-requirements.txt
 ===================================================================
---- bandit-1.7.2.orig/test-requirements.txt
-+++ bandit-1.7.2/test-requirements.txt
+--- bandit-1.7.5.orig/test-requirements.txt
++++ bandit-1.7.5/test-requirements.txt
 @@ -1,12 +1,9 @@
  # The order of packages is significant, because pip processes them in the 
order
  # of appearance. Changing the order has an impact on the overall integration
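
Review bot: The Index and ---/+++ headers of remove-non-test-deps.patch jump from bandit-1.7.2 straight to bandit-1.7.5, which means the patch was carried without a refresh while the package was at 1.7.4 (the old spec above has "Version: 1.7.4"). Refreshing the patch on every version bump keeps it applying cleanly without fuzz, and the refresh should be recorded in python-bandit.changes; the 1.7.5 entry lists only upstream items and does not mention that this patch was touched.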
@@ -12,7 +12,7 @@
  stestr>=2.5.0 # Apache-2.0
  testscenarios>=0.5.0 # Apache-2.0/BSD
  testtools>=2.3.0 # MIT
- toml # MIT
+ tomli>=1.1.0;python_version<"3.11" # MIT
  beautifulsoup4>=4.8.0 # MIT
 -pylint==1.9.4 # GPLv2
 
