v11.0.3

Compare Source

Bug Fixes

• deps: raised the minimum accepted range of npm to v10.5.0 (#​759) (a0313f8), closes semantic-release/semantic-release#3202

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

v3.21.2

Compare Source

v3.21.1

Compare Source

v3.21.0

Compare Source

v3.20.0

Compare Source

v3.19.1

Compare Source

v3.19.0

Compare Source

v3.18.0

Compare Source

v3.17.0

Compare Source

v3.16.0

Compare Source

v3.15.2

Compare Source

v3.15.1

Compare Source

v1.9.4

Compare Source

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in #​1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in #​1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in #​1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in #​1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in #​1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in #​1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in #​1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in #​1360

New Contributors

• @​jakob1379 made their first contribution in #​1351
• @​worksbyfriday made their first contribution in #​1361
• @​rcgray made their first contribution in #​1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

v1.9.3

Compare Source

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1335
• Fix B608 to detect VALUES( without space by @​kfess in #​1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in #​1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1341
• Update tox tests for Python 3.10 by @​willschlitzer in #​1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​1347
• Limit B614 to torch.load deserializers by @​dibussoc in #​1348

New Contributors

• @​kfess made their first contribution in #​1337
• @​alanverresen made their first contribution in #​1338
• @​willschlitzer made their first contribution in #​1346
• @​dibussoc made their first contribution in #​1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

v1.9.2

Compare Source

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in #​1331
• Check whether Constant value is str by @​ericwb in #​1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

v1.9.1

Compare Source

What's Changed

• More Python version related fixes by @​ericwb in #​1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

v1.8.6

Compare Source

What's Changed

• Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot in #​1279
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @​dependabot in #​1278
• added hint to FreeBSD package in doc/source/integrations.rst by @​daniel-mohr in #​1282
• Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @​dependabot in #​1284
• Huggingface revision pinning by @​lukehinds in #​1281

New Contributors

• @​daniel-mohr made their first contribution in #​1282

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

v1.8.5

Compare Source

What's Changed

• Fix the rendering of the CI/CD doc by @​ericwb in #​1274
• Fix for publish to PyPI failure by @​ericwb in #​1273

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

v1.8.3

Compare Source

What's Changed

• Bump docker/build-push-action from 6.10.0 to 6.11.0 by @​dependabot in #​1220
• Bump docker/build-push-action from 6.11.0 to 6.12.0 by @​dependabot in #​1221
• Bump docker/build-push-action from 6.12.0 to 6.13.0 by @​dependabot in #​1222
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1229
• Update bug template to include latest released versions by @​ericwb in #​1218
• Add markupsafe.Markup XSS plugin by @​Daverball in #​1225
• Warn not error on an nonexistant test given by @​ericwb in #​1230
• Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @​dependabot in #​1233
• Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot in #​1234
• B107: Skip None values in hardcoded password detection by @​lukehinds in #​1232
• Pytorch fix by @​lukehinds in #​1231

New Contributors

• @​Daverball made their first contribution in #​1225

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

v1.8.2

Compare Source

What's Changed

• Revert "Start testing with 3.14 alphas" by @​ericwb in #​1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

v1.8.1

Compare Source

What's Changed

• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @​dependabot in #​1209
• Update the bug template with latest bandit version by @​ericwb in #​1208
• Add Mercedes-Benz to sponsor list by @​ericwb in #​1210
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in #​1211
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1213
• Start testing with 3.14 alphas by @​ericwb in #​1189
• Remove lxml (B320 & B410) from blacklist by @​djbrown in #​1212
• Clarify "getting started" docs by @​Flimm in #​963

New Contributors

• @​djbrown made their first contribution in #​1212
• @​Flimm made their first contribution in #​963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

v1.8.0

Compare Source

What's Changed

• Bump docker/build-push-action from 6.7.0 to 6.9.0 by @​dependabot in #​1178
• Rename doc file to match proper bandit ID by @​ericwb in #​1183
• Removal of Python 3.8 support by @​ericwb in #​1174
• Add more insecure cryptography cipher algorithms by @​ericwb in #​1185
• Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @​dependabot in #​1186
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in #​1187
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1162
• No need to check httpx client without timeout defined by @​ericwb in #​1177
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1191
• Mark Python 3.13 as officially supported by @​ericwb in #​1192
• Update project urls with added links by @​ericwb in #​1193
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1196
• Add a JSON to seek funding from the FLOSS/fund by @​ericwb in #​1194
• Remove Sentry as a sponsor by @​ericwb in #​1198
• Remove more leftover OpenStack references by @​ericwb in #​1195

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

v1.7.10

Compare Source

What's Changed

• Bump docker/build-push-action from 5.4.0 to 6.0.0 by @​dependabot in #​1147
• Suggested small refactors in assignments by @​ericwb in #​1150
• Performance improvement in blacklist function by @​ericwb in #​1148
• Add test for usage of FTP_TLS by @​ericwb in #​1149
• New check: B113: TrojanSource - Bidirectional control characters by @​Lucas-C in #​757
• Bump docker/build-push-action from 6.0.0 to 6.1.0 by @​dependabot in #​1152
• feat(plugins): add support for httpx in B113 by @​mkniewallner in #​1060
• Nit: remove unused variable by @​ericwb in #​1153
• Add recent releases to version choice in bug report by @​ericwb in #​1151
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @​dependabot in #​1155
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @​dependabot in #​1157
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in #​1156
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in #​1158
• Bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in #​1159
• Bump docker/build-push-action from 6.3.0 to 6.5.0 by @​dependabot in #​1160
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @​dependabot in #​1163
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @​dependabot in #​1166
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in #​1165
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @​dependabot in #​1168
• Use consistent file naming of docs by @​ericwb in #​1170
• Pytorch Load / Save Plugin by @​lukehinds in #​1114

New Contributors

• @​Lucas-C made their first contribution in #​757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

v1.7.9

Compare Source

What's Changed

• Bump docker/build-push-action from 5.1.0 to 5.2.0 by @​dependabot in #​1117
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1119
• New logo for Bandit based on raccoon by @​ericwb in #​1121
• Start testing on Python 3.13 by @​ericwb in #​1122
• Bump docker/build-push-action from 5.2.0 to 5.3.0 by @​dependabot in #​1123
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @​dependabot in #​1124
• Bump docker/login-action from 3.0.0 to 3.1.0 by @​dependabot in #​1125
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1126
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1127
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @​dependabot in #​1130
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1131
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @​dependabot in #​1132
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1133
• Updates banner logo so it renders well in dark mode by @​ericwb in #​1134
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1135
• Add a sponsor section to README by @​ericwb in #​1137
• Ensure sarif extra is included as part of doc build by @​ericwb in #​1139
• Bump docker/login-action from 3.1.0 to 3.2.0 by @​dependabot in #​1142
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1143
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1145
• Guard against empty call argument list by @​ericwb in #​1146
• Bump docker/build-push-action from 5.3.0 to 5.4.0 by @​dependabot in #​1144
• Support configfile in .bandit file by @​bersbersbers in #​1052

New Contributors

• @​pre-commit-ci made their first contribution in #​1119
• @​bersbersbers made their first contribution in #​1052

Full Changelog: PyCQA/bandit@1.7.8...1.7.9

v1.7.8

Compare Source

What's Changed

• Incorrect tag naming in readme by @​lukehinds in #​1105
• Utilize PyPI's trusted publishing by @​ericwb in #​1107
• Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @​dependabot in #​1109
• Add 1.7.7 to versions of bug template by @​ericwb in #​1110
• Use datetime to avoid updating copyright year by @​ericwb in #​1112
• filter data is safe for tarfile extractall by @​etienneschalk in #​1111
• Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @​dependabot in #​1115
• [B605] Add functions that are vulnerable to shell injection. by @​shihai1991 in #​1116
• Add a SARIF output formatter by @​ericwb in #​1113

New Contributors

• @​etienneschalk made their first contribution in #​1111
• @​shihai1991 made their first contribution in #​1116

Full Changelog: PyCQA/bandit@1.7.7...1.7.8

v1.7.7

Compare Source

What's Changed

• Add the new release to bandit versions of bug template by @​ericwb in #​1075
• Bump actions/setup-python from 4 to 5 by @​dependabot in #​1076
• Handle variant in how policy is passed in paramiko by @​ericwb in #​1078
• Flag str.replace as possible sql injection by @​costaparas in #​1044
• defusedxml: Show correct module name by @​kajinamit in #​1081
• Add tidelift to the sponsor funding list by @​ericwb in #​1089
• Create a security policy by @​ericwb in #​1091
• Fix up issues found running Bandit on itself by @​ericwb in #​1093
• Add random.randbytes to blacklist calls by @​ericwb in #​1096
• Prepend ./ for files specified as CLI args by @​ericwb in #​1094
• Rework GitPython dependency to be an extra for bandit-baseline by @​ericwb in #​1099
• Bump actions/dependency-review-action from 3 to 4 by @​dependabot in #​1101
• Introduce Official Bandit Images by @​lukehinds in #​1088
• Remove markdown formatting in reStructuredText formatted README by @​ericwb in #​1103
• Downsize the org:repo name by @​lukehinds in #​1104

New Contributors

• @​kajinamit made their first contribution in #​1081

Full Changelog: PyCQA/bandit@1.7.6...1.7.7

v1.7.6

Compare Source

What's Changed

• Update bug report to include version 1.7.5 by @​ericwb in #​993
• Render Python 3.10 in drop down correctly by @​ericwb in #​997
• Remove checks for Python2 urllib by @​ericwb in #​999
• Improper detection of non-requests module by @​ericwb in #​1011
• xmlrpclib replaced with xmlrpc in Python3 by @​ericwb in #​1012
• language and linting updates by @​marksmayo in #​1015
• Adds check for crypt module usage as weak hash by @​ericwb in #​1018
• Switch to tox 4 by @​mportesdev in #​1020
• Skip unnecessary pip install commands in the pythonpackage.yml workflow by @​mportesdev in #​1021
• Update versions of used GitHub Actions by @​mportesdev in #​1024
• Update pre-commit hooks by @​mportesdev in #​1026
• Add random.Random to B311 checks by @​shiftinv in #​940
• Add a copy button to all code snippets in docs by @​ericwb in #​1030
• Replace pbr in favor of importlib by @​ericwb in #​1016
• Switch from open collective to PSF by @​ericwb in #​1031
• Make pre-commit run Bandit hook using a single process by @​Klavionik in #​1029
• Remove support for Python 3.7 due to end-of-life by @​ericwb in #​1034
• Update asserts.py documentation by @​deronnax in #​1036
• Simplify wrap_file_object by @​mportesdev in #​1037
• django_rawsql_used: support keyword arguments used in RawSQL by @​kevinmarsh in #​765
• Avoid gitpyhon CVE-2022-24439 by @​carlosduelo in #​1048
• Update blacklist call documentation by @​costaparas in #​1045
• Support ignoring blacklists by name by @​costaparas in #​1046
• Fix dependabot to update github actions by @​ericwb in #​1057
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1058
• Fix for ReadtheDocs build by @​ericwb in #​1061
• fix(plugins/B507): also detect class instances by @​mkniewallner in #​1064
• Use mirror repository for black pre-commit hook by @​mportesdev in #​1070
• Add official support of Python 3.12 by @​ericwb in #​1068
• Fix crash on pyproject.toml without bandit config by @​javajawa in #​1073
• refactor: remove importlib-metadata fallback by @​mkniewallner in #​1066
• Fixes for sphinx build by @​ericwb in #​1063

New Contributors

• @​marksmayo made their first contribution in #​1015
• @​shiftinv made their first contribution in #​940
• @​Klavionik made their first contribution in #​1029
• @​deronnax made their first contribution in #​1036
• @​kevinmarsh made their first contribution in #​765
• @​carlosduelo made their first contribution in #​1048
• @​costaparas made their first contribution in #​1045
• @​dependabot made their first contribution in #​1058
• @​javajawa made their first contribution in #​1073

Full Changelog: PyCQA/bandit@1.7.5...1.7.6

v1.43.36

Compare Source

=======

• api-change:kafka: [botocore] Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers.

v1.43.35

Compare Source

=======

• api-change:application-signals: [botocore] Application Signals now supports dynamic instrumentation and Service Events telemetry. Add instrumentation at runtime without restarts, and use fine-grained profiling data to quickly pinpoint latency and error root causes.
• api-change:bedrock-agentcore: [botocore] Adds an optional extractionMode field to CreateEvent. SKIP retains the event in short-term memory but excludes it from long-term memory extraction.
• api-change:directconnect: [botocore] Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections.
• api-change:ec2: [botocore] This release adds support for AMI Watermark and Allowed AMIs integration
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:guardduty: [botocore] Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps.
• api-change:kafka: [botocore] Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers.
• api-change:lambda: [botocore] Add support for tagging Network Connector resources in AWS Lambda.
• api-change:lambda-core: [botocore] Initial release of the AWS Lambda Core SDK with APIs to create, manage, and tag network connectors that enable Lambda compute resources to access private resources in your Amazon VPC.
• api-change:lambda-microvms: [botocore] Lambda MicroVMs GA launch. Lambda MicroVMs enable isolated and highly responsive execution of user-supplied or LLM-generated code.
• api-change:logs: [botocore] CloudWatch Logs Updates - New APIs introduced to support syslog ingestion to a log group. For more information, see CloudWatch Logs API documentation.
• api-change:mediaconnect: [botocore] AWS MediaConnect now supports Content Quality Analysis for Router Inputs, enabling detection of black frames, frozen frames, and silent audio with configurable thresholds.
• api-change:omics: [botocore] Adds support for scratch ephemeral storage mounted at tmp
• api-change:quicksight: [botocore] Updated the Amazon Quick Spaces API to remove unsupported SPACE and ARTIFACT values from the SpaceQuickSightResourceType enum.

v1.43.34

Compare Source

=======

• api-change:appstream: [botocore] Amazon WorkSpaces Agent Access now supports domain-joined fleets for enterprise identity integration, real-time agent observation with instant stop controls, and MCP tool forwarding for lower-latency, cost-effective desktop tool access.
• api-change:bedrock-agent: [botocore] Add support for metadata-only retrieval on GetFlow, GetFlowVersion, and GetPrompt APIs.
• api-change:connect: [botocore] This is the release for point based scoring system and the evaluation form validation project
• api-change:glue: [botocore] Adds the SearchAssets operation for discovering assets in the AWS Glue Data Catalog using full-text search and filters. Minor naming refinements across the Glossary Terms and Attachment APIs for consistency.
• api-change:opensearch: [botocore] This release introduces data source attachment APIs, enabling users to attach and detach Amazon OpenSearch Service domains and Amazon OpenSearch Serverless collections to an OpenSearch application.

v1.43.33

Compare Source

=======

• api-change:application-autoscaling: [botocore] Adds support for ECS high-resolution predefined scaling metrics (ECSServiceAverageCPUUtilizationHighResolution, ECSServiceAverageMemoryUtilizationHighResolution) enabling 20-second metric periods for faster scaling
• api-change:batch: [botocore] Adds Support for ordered allocation strategies- BEST-FIT-PROGRESSIVE-ORDERED or SPOT-CAPACITY-OPTIMIZED-PRIORITIZED
• api-change:cognito-idp: [botocore] In order to support the new TLS Self-Service feature, this change adds SecurityPolicyType to CustomDomainConfigType. During CreateUserPoolDomain and UpdateUserPoolDomain this is used to select a custom domain's TLS enforcement, and for DescribeUserPoolDomain it informs users about the current TLS.
• api-change:compute-optimizer: [botocore] This release surfaces two new metrics Volume IOPS Exceeded and Volume Throughput Exceeded into EBS volume rightsizing recommendations.
• api-change:ec2: [botocore] Documentation updates clarifying CancelCapacityReservation cancellable states
• api-change:ecs: [botocore] Amazon ECS services now support high resolution (20 second) CloudWatch metrics for CPUUtilization and MemoryUtilization. Use these metrics for faster service auto scaling.
• api-change:eks: [botocore] Adds support for configurable control plane egress routing in Amazon EKS, allowing you to route control plane egress traffic through your VPC and control how the control plane reaches resources in your network such as webhook servers and OIDC providers.
• api-change:gamelift: [botocore] Amazon GameLift Servers has launched support for customizing Linux capabilities in container fleets. You can now specify additional Linux capabilities for containers in a container group definition, giving you finer control over the default Docker capabilities available to your containers.
• api-change:healthlake: [botocore] Adding New Configurations to the FHIR Create Datastore. The new configurations include NLP Configuration, AnalyticsConfiguration, ProfileConfiguration
• api-change:lambda: [botocore] Converging and fixing existing documentation gaps in Lambda SDK
• api-change:logs: [botocore] Added optional startFromHead parameter to FilterLogEvents enabling descending timestamp order (newest first) when set to false. Default true preserves existing ascending order. Reverse sorting requires a startTime on or after Jan 1, 2024.
• api-change:sagemaker: [botocore] Adds support for automatic AMI patching on HyperPod clusters. Customers can configure patching strategies to automatically apply security patch with zero job termination. Customers can also specify an AMI version at instance group level and update cluster software to a certain AMI version.
• api-change:synthetics: [botocore] CloudWatch Synthetics adds support for multi-location canaries. Customers can now monitor their endpoints from multiple locations with centralized management from a primary location. The SDK includes new parameters for configuring multiple locations and tracking their state.

v1.43.32

Compare Source

=======

• api-change:bedrock-agent: [botocore] Launching Bedrock Managed Knowledge Bases. Added support for

✂ Note

PR body was truncated to here.