dependabot[bot] opened a new pull request, #1931: URL: https://github.com/apache/libcloud/pull/1931
Bumps [bandit[toml]](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/bandit/releases";>bandit[toml]'s releases</a>.</em></p> <blockquote> <h2>1.7.5</h2> <h2>What's Changed</h2> <ul> <li>Add an example screen shot of Bandit to README by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/847";>PyCQA/bandit#847</a></li> <li>Bad link to screen shot by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/848";>PyCQA/bandit#848</a></li> <li>Use a constant for weak hashes by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/850";>PyCQA/bandit#850</a></li> <li>Group location line with code output by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/822";>PyCQA/bandit#822</a></li> <li>Fix line range using Python 3.8 end_lineno by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/821";>PyCQA/bandit#821</a></li> <li>Add classifier to indicate Py3 only by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/853";>PyCQA/bandit#853</a></li> <li>Removal of blacklist call B309 httpsconnection by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/858";>PyCQA/bandit#858</a></li> <li>Remove blacklist call check for os.tempnam by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/859";>PyCQA/bandit#859</a></li> <li>Indiciate hash type in message by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/860";>PyCQA/bandit#860</a></li> <li>Add the httpx module check for verify by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/861";>PyCQA/bandit#861</a></li> <li>Add doc for hashlib plugin by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/862";>PyCQA/bandit#862</a></li> <li>Make use of rich for progress bar by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/863";>PyCQA/bandit#863</a></li> <li>Replace <code>toml</code> with <code>tomli</code> by <a href="https://github.com/mkniewallner";><code>@mkniewallner</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/829";>PyCQA/bandit#829</a></li> <li>Fix up B109 and B111 removed plugins docs by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/864";>PyCQA/bandit#864</a></li> <li>add check for "requests" calls without timeout by <a href="https://github.com/mschfh";><code>@mschfh</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/743";>PyCQA/bandit#743</a></li> <li>Fix for build breaks in format job by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/869";>PyCQA/bandit#869</a></li> <li>Add license and contributing links to docs by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/867";>PyCQA/bandit#867</a></li> <li>Remove redundant word Bandit in titles of sections by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/873";>PyCQA/bandit#873</a></li> <li>Add request for feedback via 👍 by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/871";>PyCQA/bandit#871</a></li> <li>Add a Discord link to the docs by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/870";>PyCQA/bandit#870</a></li> <li>Adding logging.config.listen() plugin with examples by <a href="https://github.com/raj3shp";><code>@raj3shp</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/874";>PyCQA/bandit#874</a></li> <li>Removal of ghugo by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/881";>PyCQA/bandit#881</a></li> <li>Remove redundant pip line by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/884";>PyCQA/bandit#884</a></li> <li>Corrected documentation on configuration by <a href="https://github.com/a-takahashi223";><code>@a-takahashi223</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/868";>PyCQA/bandit#868</a></li> <li>Start testing against Python 3.11 by <a href="https://github.com/mkniewallner";><code>@mkniewallner</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/887";>PyCQA/bandit#887</a></li> <li>Add myself to sponsor list by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/885";>PyCQA/bandit#885</a></li> <li>Add Discord link to README by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/875";>PyCQA/bandit#875</a></li> <li>Update action versions in Actions workflows (<a href="https://redirect.github.com/PyCQA/bandit/issues/890";>#890</a>) by <a href="https://github.com/mportesdev";><code>@mportesdev</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/893";>PyCQA/bandit#893</a></li> <li>Add dependency review action by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/891";>PyCQA/bandit#891</a></li> <li>Fix an unclosed <!-- raw HTML omitted --> tag in HTML formatter by <a href="https://github.com/mportesdev";><code>@mportesdev</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/896";>PyCQA/bandit#896</a></li> <li>'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by <a href="https://github.com/rajaramsrn";><code>@rajaramsrn</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/897";>PyCQA/bandit#897</a></li> <li>Make small fixes in docs by <a href="https://github.com/mportesdev";><code>@mportesdev</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/899";>PyCQA/bandit#899</a></li> <li>Specify semver range for Python 3.11 by <a href="https://github.com/mportesdev";><code>@mportesdev</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/901";>PyCQA/bandit#901</a></li> <li>Add another bad example of yaml load by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/905";>PyCQA/bandit#905</a></li> <li>Add releases link in "Version control integration" by <a href="https://github.com/travisjungroth";><code>@travisjungroth</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/909";>PyCQA/bandit#909</a></li> <li>Update version of dependency-review-action by <a href="https://github.com/mportesdev";><code>@mportesdev</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/911";>PyCQA/bandit#911</a></li> <li>Avoid redundant message if debug on by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/913";>PyCQA/bandit#913</a></li> <li>Remove invalid checking on hashlib by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/914";>PyCQA/bandit#914</a></li> <li>Add some missing curve types by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/920";>PyCQA/bandit#920</a></li> <li>add jsonpickle deserialization blacklist by <a href="https://github.com/SugarP1g";><code>@SugarP1g</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/707";>PyCQA/bandit#707</a></li> <li>Fix reading the number argument from config file by <a href="https://github.com/KAUTH";><code>@KAUTH</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/923";>PyCQA/bandit#923</a></li> <li>Add end_col_offset if available by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/851";>PyCQA/bandit#851</a></li> <li>Enhancement Proposal: Plugin "assert_used" config-skip snippet by <a href="https://github.com/marianomartinelli";><code>@marianomartinelli</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/695";>PyCQA/bandit#695</a></li> <li>Blacklist pandas read_pickle and add functional test for it by <a href="https://github.com/jaspersival";><code>@jaspersival</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/710";>PyCQA/bandit#710</a></li> <li>Docs for request without timeout has dead link by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/925";>PyCQA/bandit#925</a></li> <li>Add case for global exec by <a href="https://github.com/tonybaloney";><code>@tonybaloney</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/570";>PyCQA/bandit#570</a></li> <li>Fix a false positive condition yaml_load by <a href="https://github.com/ericwb";><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/927";>PyCQA/bandit#927</a></li> <li>Fix issue <a href="https://redirect.github.com/PyCQA/bandit/issues/453";>#453</a> jinja2 template select_autoescape when using jinja2.select_autoescape by <a href="https://github.com/kinow";><code>@kinow</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/454";>PyCQA/bandit#454</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/bandit/commit/ca4faf2f82a7c68a088100f8ba2b8e56f9bdcfe3";><code>ca4faf2</code></a> Added a bit more <code>project_urls</code> (<a href="https://redirect.github.com/PyCQA/bandit/issues/985";>#985</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/d87faedd61c7d2107db9990036ecf7014579de2f";><code>d87faed</code></a> Check for github action updates monthly (<a href="https://redirect.github.com/PyCQA/bandit/issues/989";>#989</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/72fa5a7496caa89f21ace353d038754dbddf9a91";><code>72fa5a7</code></a> Improve handling nosec for multi-line strings (<a href="https://redirect.github.com/PyCQA/bandit/issues/915";>#915</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/7e6f580d6ad1b35be91046e591526602327a388d";><code>7e6f580</code></a> Improve detecting SQL injections in f-strings (<a href="https://redirect.github.com/PyCQA/bandit/issues/917";>#917</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/fe1361fdcc274850d4099885a802f2c9f28aca08";><code>fe1361f</code></a> Correct build status badge in README (<a href="https://redirect.github.com/PyCQA/bandit/issues/980";>#980</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/a76299303f15268e97a6bacb1cb32a804893c584";><code>a762993</code></a> Fix breaking build due to new tox (<a href="https://redirect.github.com/PyCQA/bandit/issues/983";>#983</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/91c4d979550888c8d190898279bfdb0af732791e";><code>91c4d97</code></a> DOC: Add explanation on how to use pre-commit with config file (<a href="https://redirect.github.com/PyCQA/bandit/issues/968";>#968</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/d9fe642e01866e460454641bcd14b9de9d2b1478";><code>d9fe642</code></a> Add official Python 3.11 support (<a href="https://redirect.github.com/PyCQA/bandit/issues/964";>#964</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/3aaa2b07be47090344d89e5532bcde15127c2909";><code>3aaa2b0</code></a> remove py2 exec example in docs (<a href="https://redirect.github.com/PyCQA/bandit/issues/947";>#947</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/a74385886432e37211f88d5caf135be4bbfdad57";><code>a743858</code></a> Typo fix (<a href="https://redirect.github.com/PyCQA/bandit/issues/945";>#945</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@libcloud.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
