v11.0.3

Compare Source

Bug Fixes

• deps: raised the minimum accepted range of npm to v10.5.0 (#​759) (a0313f8), closes semantic-release/semantic-release#3202

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

v3.21.2

Compare Source

v3.21.1

Compare Source

v3.21.0

Compare Source

v3.20.0

Compare Source

v3.19.1

Compare Source

v3.19.0

Compare Source

v3.18.0

Compare Source

v3.17.0

Compare Source

v3.16.0

Compare Source

v3.15.2

Compare Source

v3.15.1

Compare Source

v1.9.4

Compare Source

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in #​1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in #​1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in #​1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in #​1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in #​1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in #​1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in #​1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in #​1360

New Contributors

• @​jakob1379 made their first contribution in #​1351
• @​worksbyfriday made their first contribution in #​1361
• @​rcgray made their first contribution in #​1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

v1.9.3

Compare Source

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1335
• Fix B608 to detect VALUES( without space by @​kfess in #​1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in #​1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1341
• Update tox tests for Python 3.10 by @​willschlitzer in #​1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​1347
• Limit B614 to torch.load deserializers by @​dibussoc in #​1348

New Contributors

• @​kfess made their first contribution in #​1337
• @​alanverresen made their first contribution in #​1338
• @​willschlitzer made their first contribution in #​1346
• @​dibussoc made their first contribution in #​1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

v1.9.2

Compare Source

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in #​1331
• Check whether Constant value is str by @​ericwb in #​1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

v1.9.1

Compare Source

What's Changed

• More Python version related fixes by @​ericwb in #​1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

v1.8.6

Compare Source

What's Changed

• Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot in #​1279
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @​dependabot in #​1278
• added hint to FreeBSD package in doc/source/integrations.rst by @​daniel-mohr in #​1282
• Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @​dependabot in #​1284
• Huggingface revision pinning by @​lukehinds in #​1281

New Contributors

• @​daniel-mohr made their first contribution in #​1282

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

v1.8.5

Compare Source

What's Changed

• Fix the rendering of the CI/CD doc by @​ericwb in #​1274
• Fix for publish to PyPI failure by @​ericwb in #​1273

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

v1.8.3

Compare Source

What's Changed

• Bump docker/build-push-action from 6.10.0 to 6.11.0 by @​dependabot in #​1220
• Bump docker/build-push-action from 6.11.0 to 6.12.0 by @​dependabot in #​1221
• Bump docker/build-push-action from 6.12.0 to 6.13.0 by @​dependabot in #​1222
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1229
• Update bug template to include latest released versions by @​ericwb in #​1218
• Add markupsafe.Markup XSS plugin by @​Daverball in #​1225
• Warn not error on an nonexistant test given by @​ericwb in #​1230
• Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @​dependabot in #​1233
• Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot in #​1234
• B107: Skip None values in hardcoded password detection by @​lukehinds in #​1232
• Pytorch fix by @​lukehinds in #​1231

New Contributors

• @​Daverball made their first contribution in #​1225

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

v1.8.2

Compare Source

What's Changed

• Revert "Start testing with 3.14 alphas" by @​ericwb in #​1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

v1.8.1

Compare Source

What's Changed

• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @​dependabot in #​1209
• Update the bug template with latest bandit version by @​ericwb in #​1208
• Add Mercedes-Benz to sponsor list by @​ericwb in #​1210
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in #​1211
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1213
• Start testing with 3.14 alphas by @​ericwb in #​1189
• Remove lxml (B320 & B410) from blacklist by @​djbrown in #​1212
• Clarify "getting started" docs by @​Flimm in #​963

New Contributors

• @​djbrown made their first contribution in #​1212
• @​Flimm made their first contribution in #​963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

v1.8.0

Compare Source

What's Changed

• Bump docker/build-push-action from 6.7.0 to 6.9.0 by @​dependabot in #​1178
• Rename doc file to match proper bandit ID by @​ericwb in #​1183
• Removal of Python 3.8 support by @​ericwb in #​1174
• Add more insecure cryptography cipher algorithms by @​ericwb in #​1185
• Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @​dependabot in #​1186
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in #​1187
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1162
• No need to check httpx client without timeout defined by @​ericwb in #​1177
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1191
• Mark Python 3.13 as officially supported by @​ericwb in #​1192
• Update project urls with added links by @​ericwb in #​1193
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1196
• Add a JSON to seek funding from the FLOSS/fund by @​ericwb in #​1194
• Remove Sentry as a sponsor by @​ericwb in #​1198
• Remove more leftover OpenStack references by @​ericwb in #​1195

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

v1.7.10

Compare Source

What's Changed

• Bump docker/build-push-action from 5.4.0 to 6.0.0 by @​dependabot in #​1147
• Suggested small refactors in assignments by @​ericwb in #​1150
• Performance improvement in blacklist function by @​ericwb in #​1148
• Add test for usage of FTP_TLS by @​ericwb in #​1149
• New check: B113: TrojanSource - Bidirectional control characters by @​Lucas-C in #​757
• Bump docker/build-push-action from 6.0.0 to 6.1.0 by @​dependabot in #​1152
• feat(plugins): add support for httpx in B113 by @​mkniewallner in #​1060
• Nit: remove unused variable by @​ericwb in #​1153
• Add recent releases to version choice in bug report by @​ericwb in #​1151
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @​dependabot in #​1155
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @​dependabot in #​1157
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in #​1156
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in #​1158
• Bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in #​1159
• Bump docker/build-push-action from 6.3.0 to 6.5.0 by @​dependabot in #​1160
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @​dependabot in #​1163
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @​dependabot in #​1166
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in #​1165
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @​dependabot in #​1168
• Use consistent file naming of docs by @​ericwb in #​1170
• Pytorch Load / Save Plugin by @​lukehinds in #​1114

New Contributors

• @​Lucas-C made their first contribution in #​757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

v1.7.9

Compare Source

What's Changed

• Bump docker/build-push-action from 5.1.0 to 5.2.0 by @​dependabot in #​1117
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1119
• New logo for Bandit based on raccoon by @​ericwb in #​1121
• Start testing on Python 3.13 by @​ericwb in #​1122
• Bump docker/build-push-action from 5.2.0 to 5.3.0 by @​dependabot in #​1123
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @​dependabot in #​1124
• Bump docker/login-action from 3.0.0 to 3.1.0 by @​dependabot in #​1125
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1126
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1127
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @​dependabot in #​1130
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1131
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @​dependabot in #​1132
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1133
• Updates banner logo so it renders well in dark mode by @​ericwb in #​1134
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1135
• Add a sponsor section to README by @​ericwb in #​1137
• Ensure sarif extra is included as part of doc build by @​ericwb in #​1139
• Bump docker/login-action from 3.1.0 to 3.2.0 by @​dependabot in #​1142
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1143
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1145
• Guard against empty call argument list by @​ericwb in #​1146
• Bump docker/build-push-action from 5.3.0 to 5.4.0 by @​dependabot in #​1144
• Support configfile in .bandit file by @​bersbersbers in #​1052

New Contributors

• @​pre-commit-ci made their first contribution in #​1119
• @​bersbersbers made their first contribution in #​1052

Full Changelog: PyCQA/bandit@1.7.8...1.7.9

v1.7.8

Compare Source

What's Changed

• Incorrect tag naming in readme by @​lukehinds in #​1105
• Utilize PyPI's trusted publishing by @​ericwb in #​1107
• Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @​dependabot in #​1109
• Add 1.7.7 to versions of bug template by @​ericwb in #​1110
• Use datetime to avoid updating copyright year by @​ericwb in #​1112
• filter data is safe for tarfile extractall by @​etienneschalk in #​1111
• Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @​dependabot in #​1115
• [B605] Add functions that are vulnerable to shell injection. by @​shihai1991 in #​1116
• Add a SARIF output formatter by @​ericwb in #​1113

New Contributors

• @​etienneschalk made their first contribution in #​1111
• @​shihai1991 made their first contribution in #​1116

Full Changelog: PyCQA/bandit@1.7.7...1.7.8

v1.7.7

Compare Source

What's Changed

• Add the new release to bandit versions of bug template by @​ericwb in #​1075
• Bump actions/setup-python from 4 to 5 by @​dependabot in #​1076
• Handle variant in how policy is passed in paramiko by @​ericwb in #​1078
• Flag str.replace as possible sql injection by @​costaparas in #​1044
• defusedxml: Show correct module name by @​kajinamit in #​1081
• Add tidelift to the sponsor funding list by @​ericwb in #​1089
• Create a security policy by @​ericwb in #​1091
• Fix up issues found running Bandit on itself by @​ericwb in #​1093
• Add random.randbytes to blacklist calls by @​ericwb in #​1096
• Prepend ./ for files specified as CLI args by @​ericwb in #​1094
• Rework GitPython dependency to be an extra for bandit-baseline by @​ericwb in #​1099
• Bump actions/dependency-review-action from 3 to 4 by @​dependabot in #​1101
• Introduce Official Bandit Images by @​lukehinds in #​1088
• Remove markdown formatting in reStructuredText formatted README by @​ericwb in #​1103
• Downsize the org:repo name by @​lukehinds in #​1104

New Contributors

• @​kajinamit made their first contribution in #​1081

Full Changelog: PyCQA/bandit@1.7.6...1.7.7

v1.7.6

Compare Source

What's Changed

• Update bug report to include version 1.7.5 by @​ericwb in #​993
• Render Python 3.10 in drop down correctly by @​ericwb in #​997
• Remove checks for Python2 urllib by @​ericwb in #​999
• Improper detection of non-requests module by @​ericwb in #​1011
• xmlrpclib replaced with xmlrpc in Python3 by @​ericwb in #​1012
• language and linting updates by @​marksmayo in #​1015
• Adds check for crypt module usage as weak hash by @​ericwb in #​1018
• Switch to tox 4 by @​mportesdev in #​1020
• Skip unnecessary pip install commands in the pythonpackage.yml workflow by @​mportesdev in #​1021
• Update versions of used GitHub Actions by @​mportesdev in #​1024
• Update pre-commit hooks by @​mportesdev in #​1026
• Add random.Random to B311 checks by @​shiftinv in #​940
• Add a copy button to all code snippets in docs by @​ericwb in #​1030
• Replace pbr in favor of importlib by @​ericwb in #​1016
• Switch from open collective to PSF by @​ericwb in #​1031
• Make pre-commit run Bandit hook using a single process by @​Klavionik in #​1029
• Remove support for Python 3.7 due to end-of-life by @​ericwb in #​1034
• Update asserts.py documentation by @​deronnax in #​1036
• Simplify wrap_file_object by @​mportesdev in #​1037
• django_rawsql_used: support keyword arguments used in RawSQL by @​kevinmarsh in #​765
• Avoid gitpyhon CVE-2022-24439 by @​carlosduelo in #​1048
• Update blacklist call documentation by @​costaparas in #​1045
• Support ignoring blacklists by name by @​costaparas in #​1046
• Fix dependabot to update github actions by @​ericwb in #​1057
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1058
• Fix for ReadtheDocs build by @​ericwb in #​1061
• fix(plugins/B507): also detect class instances by @​mkniewallner in #​1064
• Use mirror repository for black pre-commit hook by @​mportesdev in #​1070
• Add official support of Python 3.12 by @​ericwb in #​1068
• Fix crash on pyproject.toml without bandit config by @​javajawa in #​1073
• refactor: remove importlib-metadata fallback by @​mkniewallner in #​1066
• Fixes for sphinx build by @​ericwb in #​1063

New Contributors

• @​marksmayo made their first contribution in #​1015
• @​shiftinv made their first contribution in #​940
• @​Klavionik made their first contribution in #​1029
• @​deronnax made their first contribution in #​1036
• @​kevinmarsh made their first contribution in #​765
• @​carlosduelo made their first contribution in #​1048
• @​costaparas made their first contribution in #​1045
• @​dependabot made their first contribution in #​1058
• @​javajawa made their first contribution in #​1073

Full Changelog: PyCQA/bandit@1.7.5...1.7.6

v1.43.9

Compare Source

======

• api-change:logs: [botocore] Updating the max limit for start query api parameter.
• api-change:mediapackagev2: [botocore] This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests
• api-change:partnercentral-selling: [botocore] Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution.

v1.43.8

Compare Source

======

• api-change:bedrock: [botocore] Advanced Prompt Optimization (AdvPO) allows you to optimize and migrate your prompts for any model on Bedrock by automatically evaluating responses and rewriting prompts to improve performance. This release provides a programmatic way to create, get, list, stop, and delete AdvPO jobs.
• api-change:cloudfront: [botocore] Adding a new boolean for OCSP Revocations in Viewer mTLS Create and Update APIs, and adding a new 'Passthrough' option for TrustStore modes
• api-change:datazone: [botocore] Adds support for SageMaker Unified Studio notebook operations, including notebook import and export
• api-change:dms: [botocore] Add 9 SDK waiters for DMS Schema Conversion async operations. Eliminates manual polling for import, assessment, conversion, export, and creation jobs.
• api-change:glue: [botocore] Release --has-databases parameter for AWS Glue get-catalogs API, which filters catalog responses to include only those capable of containing databases, excluding parent catalogs that hold only other catalogs. Remove model-level validation on partition index list size for AWS Glue tables.
• api-change:grafana: [botocore] Adds support for dual-stack (IPv4 and IPv6) connectivity to Amazon Managed Grafana workspaces. Customers can configure the ipAddressType parameter when creating or updating a workspace to choose between IPv4-only or dual-stack (IPv4 and IPv6) access.
• api-change:mgn: [botocore] Introducing new option for security groups mapping - with MAP-DHCP the service translates security rules from your source environment with DHCP compatibility.
• api-change:qconnect: [botocore] ListModels is an API that returns the available AI models for a Connect Assistant based on its region and AI prompt type.

v1.43.7

Compare Source

======

• api-change:arc-region-switch: [botocore] Adds support for enabling and disabling Lambda event source mappings in Region switch plans.
• api-change:batch: [botocore] Adds a billing callout to docs regarding using the CE Scale Down Delay feature
• api-change:bedrock-agentcore-control: [botocore] Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration.
• api-change:billingconductor: [botocore] Add ConflictException to UpdateCustomLineItem operation.
• api-change:connect: [botocore] This change added three new EventSourceName for schedule notification feature
• api-change:connectcampaignsv2: [botocore] This release added support for Outbound Campaign timezone detection using all available contact methods
• api-change:connectcases: [botocore] Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines.
• api-change:dsql: [botocore] Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations.
• api-change:ec2: [botocore] Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:es: [botocore] Adds support for AutomatedSnapshotPauseOptions.
• api-change:glue: [botocore] AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier.
• api-change:lightsail: [botocore] Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking
• api-change:opensearch: [botocore] Adds support for AutomatedSnapshotPauseOptions.
• api-change:partnercentral-account: [botocore] Added ServiceQuotaExceededExceptions for Profile operations
• api-change:pcs: [botocore] Add support for Amazon EC2 Interruptible-ODCR
• api-change:quicksight: [botocore] Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI.
• api-change:redshift: [botocore] Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support.
• api-change:rtbfabric: [botocore] Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint
• api-change:sagemaker: [botocore] Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests.
• api-change:securityagent: [botocore] Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories.
• api-change:socialmessaging: [botocore] Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API.
• api-change:stepfunctions: [botocore] Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required.

v1.43.6

Compare Source

======

• api-change:bcm-data-exports: [botocore] With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift.
• api-change:bedrock-agentcore: [botocore] Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy).
• api-change:bedrock-agentcore-control: [botocore] Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy).
• api-change:ec2: [botocore] DescribeInstanc

✂ Note

PR body was truncated to here.