Bump bandit from 1.9.2 to 1.9.3

[dependabot]

Bumps bandit from 1.9.2 to 1.9.3.

Release notes

Sourced from bandit's releases.

1.9.3

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1335
• Fix B608 to detect VALUES( without space by @​kfess in PyCQA/bandit#1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in PyCQA/bandit#1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1341
• Update tox tests for Python 3.10 by @​willschlitzer in PyCQA/bandit#1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in PyCQA/bandit#1347
• Limit B614 to torch.load deserializers by @​dibussoc in PyCQA/bandit#1348

New Contributors

• @​kfess made their first contribution in PyCQA/bandit#1337
• @​alanverresen made their first contribution in PyCQA/bandit#1338
• @​willschlitzer made their first contribution in PyCQA/bandit#1346
• @​dibussoc made their first contribution in PyCQA/bandit#1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

Commits

• 765f00d Limit B614 to torch.load deserializers (#1348)
• 06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
• 36d6f3c Update tox tests for Python 3.10 (#1346)
• da0d338 [pre-commit.ci] pre-commit autoupdate (#1341)
• 649b9bd Add check for hardcoded passwords in dicts. (#1338)
• 3c56109 Fix B608 to detect VALUES( without space (#1337)
• b790ce2 [pre-commit.ci] pre-commit autoupdate (#1335)
• 0b73bbe Bump actions/checkout from 5 to 6 (#1334)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[senzingdevops]

Automated: approving this pull request because it includes a patch update

[github-actions]

🤖 Claude Code Review

Code Review Analysis

I'll analyze this pull request against the checklist. This appears to be a dependency version bump for the bandit security linter from 1.9.2 to 1.9.3 for Python versions > 3.11.

Review Results

Code Quality

✅ Code follows style guide - This is a straightforward dependency version update in pyproject.toml. No code style concerns.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - N/A for dependency declarations.

✅ DRY principle followed - N/A for this change.

✅ Identify Defects - No defects identified. This is a patch version bump (1.9.2 → 1.9.3) for a security linting tool, which typically contains bug fixes and security improvements. The change is isolated to the development dependency section and doesn't affect runtime behavior.

✅ Project memory consideration - Reviewed .claude/CLAUDE.md (pyproject.toml:73). The project configuration mentions bandit as one of the linters in the toolchain. This change aligns with keeping dependencies current without introducing breaking changes.

Testing

⚠️ Unit tests for new functions - N/A for dependency update, but it would be prudent to verify that:

• make lint or make bandit still runs successfully
• No new false positives are introduced by the updated version

✅ Integration tests for new endpoints - N/A for this change.

✅ Edge cases covered - The conditional version pinning (python_version > '3.11') is appropriate and consistent with the existing pattern.

⚠️ Test coverage > 80% - Cannot determine from this diff alone, but dependency updates don't typically affect coverage.

Documentation

⚠️ Readme updated if needed - N/A for a patch-level dependency bump. No README changes needed.

✅ API docs updated - N/A for this change.

✅ Inline comments for complex logic - N/A for this change.

⚠️ CHANGELOG.md updated - Cannot verify from the diff. For a dependency bump, this is optional but recommended if the project maintains detailed changelogs. Minor dependency updates are often bundled in release notes.

✅ Markdown files formatting - No markdown changes in this PR.

Security

✅ No hardcoded credentials - No credentials present.

✅ Input validation implemented - N/A for this change.

✅ Proper error handling - N/A for this change.

✅ No sensitive data in logs - N/A for this change.

✅ No license files checked in - No .lic files or AQAAAD strings in this diff.

---

Overall Assessment

✅ APPROVED - This is a clean, low-risk patch version bump for a development dependency.

Recommendations

1. Verify the upgrade: Run make bandit after merging to ensure the new version works without issues
2. Consider automation: Dependency updates like this could be automated with Dependabot or Renovate
3. Optional CHANGELOG entry: If the project tracks all dependency updates, add a line like "Bump bandit from 1.9.2 to 1.9.3 for Python 3.12+"

Summary

This PR updates the bandit security linter from version 1.9.2 to 1.9.3 for Python versions greater than 3.11 (pyproject.toml:74). The change is isolated, follows the existing version pinning pattern, and represents a standard maintenance update for keeping security tooling current. No functional code changes are involved, and the risk is minimal.

Automated code review analyzing defects and coding standards