Releases: PyCQA/bandit
1.7.1
What's Changed
- Specify output_file encoding as utf-8 by @Brcrwilliams in #364
- Specify language_version in .pre-commit-hooks.yaml by @jdufresne in #670
- Clearer message for subprocess module use by @ericwb in #667
- Add the column offset to the issue model by @tonybaloney in #618
- Show column offset on all formatters by @ericwb in #673
- More complete removal of Python2 code by @ericwb in #674
- Small syntax and formatting cleanup by @ericwb in #676
- Updates to address docstring code scan issues, add flake8 configuration by @asears in #671
- More cleanup of license headers by @ericwb in #679
- Replace http with https URLs by @ericwb in #680
- Add default labels to issues by @ericwb in #681
- Prevent creation of blank issues by @ericwb in #682
- Include the line number when using HTML output format by @aludwin1 in #683
- Add support for Python 3.9 by @ericwb in #650
- Add numeric options for severity and confidence by @nathanstocking in #702
- #694 Bandit fails when using importlib with named arguments by @maciejstromich in #701
- Add license to package installation metadata by @RobbeSneyders in #705
- Mock part of python 3.x by @ericwb in #685
- Remove statement about Py3 by @ericwb in #713
- Use new issue template format by @ericwb in #717
- Fix syntax error in bug report by @ericwb in #718
- Remove steps in reproduce section by @ericwb in #719
- Fix syntax errors in bug report by @ericwb in #720
- document that random.choices() isn't secure either by @taybin in #728
- PEP-518 support: configure bandit via pyproject.toml by @orsinium in #401
- Always use a Loader in yaml.load by @ericwb in #745
- fix reading initial values from .bandit by @alipqb in #722
New Contributors
- @Brcrwilliams made their first contribution in #364
- @jdufresne made their first contribution in #670
- @tonybaloney made their first contribution in #618
- @asears made their first contribution in #671
- @aludwin1 made their first contribution in #683
- @nathanstocking made their first contribution in #702
- @RobbeSneyders made their first contribution in #705
- @taybin made their first contribution in #728
- @orsinium made their first contribution in #401
- @alipqb made their first contribution in #722
Full Changelog: 1.7.0...1.7.1
1.7.0
What's Changed
- Use GitHub Action badge for build by @ericwb in #651
- Remove universal support on the wheel by @ericwb in #655
- Give some tips on how to resolve B101 in the doc by @xuhdev in #616
- Remove blacklist call to input() by @ericwb in #662
- Create CODEOWNERS by @ericwb in #661
New Contributors
Full Changelog: 1.6.3...1.7.0
1.6.3
What's Changed
- Replace setattr by @tylerwince in #493
- Fix 3.8 errors by @tylerwince in #509
- get_url returns different urls calling twice (bug #506) by @ehooo in #507
- fix B603 docstring by @graingert in #524
- --exit-zero option by @maciejstromich in #510
- fix the documentation file README.rst by @MrDolev in #533
- Cleanup comments after #510 by @florczakraf in #532
- Update test requirements to latest versions by @ericwb in #535
- Remove obsolete "sudo" keyword. by @jugmac00 in #538
- Remove unused bindep.txt file by @ericwb in #539
- Revert "Revert "Update python documentation links for version 3 counterparts"" by @ericwb in #540
- Add several ini options for .bandit file by @vuolter in #508
- Add type checking to name node of hashlib_new by @teeann in #516
- Add more missing ini options by @ericwb in #541
- Add shelve to the pickle blacklists by @auscompgeek in #542
- Fix readme file on Extending Bandit on list things by @MrDolev in #534
- Add official support of Python 3.8 by @ericwb in #547
- update README to add info about badge by @zachvalenta in #482
- Fix docs for B610,B611,B703 by @amacfie in #555
- Use SPDX license identifier instead of bulky headers by @ericwb in #530
- Add a section explaining "nosec" by @exhuma in #554
- replace 'then' with 'than' by @pwoolvett in #557
- Add sha1 to the list of insecure hashes by @ericwb in #561
- Use GitHub Actions to run CI by @ericwb in #565
- Ignore common directories by default by @ericwb in #544
- Add push and pull request to GH Action trigger by @ericwb in #567
- Add contributing file by @Glyphack in #572
- Fix contributing typo by @Glyphack in #582
- [DOC] Support python3 venv creation by @look4regev in #583
- Cleanup some typos in recent contributor guide by @ericwb in #585
- Fix colorama not being disabled after being used by @adambenali in #586
- Fix typo for activating venv by @bavedarnow in #590
- Bump pyyaml by @dosisod in #588
- Update CODE_OF_CONDUCT.md by @ericwb in #591
- Resolve 'NoneType' object has no attribute 'id' Traceback in django_mark_safe by @ehooo in #598
- [FIX] blacklist: fix typo in import_ftplib by @Yenthe666 in #601
- Add release notes project URL by @scop in #610
- Drop Python2 build, test, and install by @ericwb in #615
- Fix # noqa rendering in docs by @DrGFreeman in #645
- Don't show progress information on --quiet by @fniessink in #641
- Add skip configuration to assert_used by @wilbertom in #633
- GitHub Action to publish to Test PyPI by @ericwb in #652
- Add workflow to publish to PyPI by @ericwb in #653
New Contributors
- @graingert made their first contribution in #524
- @MrDolev made their first contribution in #533
- @florczakraf made their first contribution in #532
- @jugmac00 made their first contribution in #538
- @vuolter made their first contribution in #508
- @teeann made their first contribution in #516
- @auscompgeek made their first contribution in #542
- @zachvalenta made their first contribution in #482
- @amacfie made their first contribution in #555
- @exhuma made their first contribution in #554
- @pwoolvett made their first contribution in #557
- @Glyphack made their first contribution in #572
- @look4regev made their first contribution in #583
- @adambenali made their first contribution in #586
- @bavedarnow made their first contribution in #590
- @dosisod made their first contribution in #588
- @Yenthe666 made their first contribution in #601
- @scop made their first contribution in #610
- @DrGFreeman made their first contribution in #645
- @fniessink made their first contribution in #641
- @wilbertom made their first contribution in #633
Full Changelog: 1.6.2...1.6.3
1.6.2
1.6.1
What's Changed
- add namespaces for parent attributes by @tylerwince in #492
- add test for regression and fix directory exclusion without wildcards by @mattjegan in #489
New Contributors
- @mattjegan made their first contribution in #489
Full Changelog: 1.6.0...1.6.1
1.6.0
What's Changed
- Fix custom format argument handling by @evqna in #380
- Add release drafter template by @evqna in #382
- Add option -q, --quiet, --silent to hide output by @ericwb in #385
- No need to skip R0204: redefined-variable-type by @ericwb in #390
- Allow failures on dev branch of Python 3.8 by @ericwb in #392
- Fix Pylint warning W0612: use of unused variables by @ericwb in #389
- Fix B611 doc title by @paulopontesm in #414
- Add pre-commit config by @KPilnacek in #411
- Remove unneeded trailing paren in link by @ericwb in #416
- Fix more info line to be in color also by @ericwb in #408
- Add missing custom formatter doc (#406) by @nixphix in #421
- Fix terminal colors not displaying properly on Windows by @GhostofGoes in #424
- Fix sql injection check for f-strings by @mikespallino in #434
- Bump PyYAML minimum version to 3.13 by @ericwb in #432
- Remove paramiko invoke_shell and fix example by @ericwb in #377
- Supporting CSafeLoader in yaml.load plugin by @domanchi in #436
- Properly handle nosec strings in code by @ericwb in #388
- Add a readthedocs build status badge by @lukehinds in #440
- #394 Describe baseline and its usage in README by @BillBrower in #415
- Fix DeprecationWarning: invalid escape sequence by @BoboTiG in #441
- Fix ResourceWarning: unclosed file by @BoboTiG in #442
- Password by @ehooo in #387
- check if ast.JoinedStr exists before using it by @calvinli in #446
- Fix typo in README by @bitcoinhodler in #451
- Fix context class by @ehooo in #449
- Update python documentation links for version 3 counterparts by @sgaist in #456
- Revert "Update python documentation links for version 3 counterparts" by @ericwb in #461
- Redo logo on the README by @ericwb in #463
- Interpret wildcards in the file exclusion list by @thilp in #450
- updated readme links for werkzeug debugger by @sfc-gh-spandey in #473
- Remove pycryptodome blacklist by @mikespallino in #470
New Contributors
- @paulopontesm made their first contribution in #414
- @KPilnacek made their first contribution in #411
- @nixphix made their first contribution in #421
- @GhostofGoes made their first contribution in #424
- @domanchi made their first contribution in #436
- @BillBrower made their first contribution in #415
- @BoboTiG made their first contribution in #441
- @calvinli made their first contribution in #446
- @bitcoinhodler made their first contribution in #451
- @sgaist made their first contribution in #456
- @thilp made their first contribution in #450
- @sfc-gh-spandey made their first contribution in #473
Full Changelog: 1.5.1...1.6.0
1.5.1
What's Changed
- Fixed crash on dynamic import traversal by @evqna in #369
- New plugin to check for ignoring host keys by @rajathagasthya in #374
- Adding test case for traversal crash by @evqna in #378
New Contributors
- @rajathagasthya made their first contribution in #374
Full Changelog: 1.5.0...1.5.1
1.5.0
What's Changed
- Travis ci file by @lukehinds in #282
- Changes OpenStack specifics to PyCQA by @lukehinds in #1
- Migrate to new PyPI website by @ericwb in #2
- Create a code of conduct by @ericwb in #283
- Remove the unused integration tests by @ericwb in #285
- Create an issue template for the project by @ericwb in #284
- Add a build status badge to the README by @ericwb in #289
- Show support for Python 3.6 by @ericwb in #288
- Remove integration test playbooks by @ericwb in #290
- Update issue templates to new GitHub format by @ericwb in #301
- Logo design: Bandit by @baranpirincal in #302
- Add a smaller logo that works with the README rst by @ericwb in #304
- Update the doc links, remove openstack by @ericwb in #305
- Add missing B413 import_pycrypto in README by @ericwb in #308
- Add PyCryptodome to import blacklists by @warthog9 in #307
- Django sql injection by @ehooo in #292
- Use bandit.readthedocs.io in setup.cfg by @ericwb in #312
- Add detection for Django XSS by @ehooo in #295
- Add missing documentation link for B703 by @ericwb in #314
- Remove OpenStack-specific plugins by @nickthetait in #316
- Improve shell by @ehooo in #298
- Fast fix for yaml import by @ehooo in #303
- Django sql injection by @ehooo in #310
- Enable travis to run pylint and pep8 tox env by @ericwb in #325
- Add development status classifier by @ericwb in #321
- Remove openstack specific utils.exec checks by @ericwb in #328
- add os.tempnam() / os.tmpnam() to blacklist by @chair6 in #330
- Add Python 3.7 support by @ericwb in #327
- Add subprocess.run to B602 by @ericwb in #334
- Repair some broken see also links in the doc by @ericwb in #336
- Use html.escape() instead of cgi.escape() by @ericwb in #339
- Re-enable functional tests as part of CI by @ericwb in #348
- Add more_info URL to XML output by @stannum-l in #354
- Report dill usage by @calve in #347
- Add experimental Python 3.8-dev to test with by @ericwb in #337
- Add emojis to issue types by @ericwb in #358
- Add more_info URL to text output by @stannum-l in #359
- Add more_info URL to screen formatter by @stannum-l in #360
- Add support to run bandit as python -m bandit by @rtfpessoa in #363
- Add more_info URL to csv formatter by @stannum-l in #361
- Add external documentation references by @evqna in #368
- Change ver 1.4.1 references to 1.5.0 by @ericwb in #370
New Contributors
- @baranpirincal made their first contribution in #302
- @warthog9 made their first contribution in #307
- @nickthetait made their first contribution in #316
- @chair6 made their first contribution in #330
- @calve made their first contribution in #347
- @rtfpessoa made their first contribution in #363
Full Changelog: 1.4.0...1.5.0