Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: PyCQA/bandit
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1.8.0
Choose a base ref
...
head repository: PyCQA/bandit
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1.8.1
Choose a head ref
  • 8 commits
  • 21 files changed
  • 7 contributors

Commits on Dec 2, 2024

  1. Bump docker/build-push-action from 6.9.0 to 6.10.0 (#1209) 

    Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@4f58ea7...48aba3b)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 2, 2024
    Configuration menu
    Copy the full SHA
    65ddf8f View commit details
    Browse the repository at this point in the history

Commits on Dec 6, 2024

  1. Update the bug template with latest bandit version (#1208) 

    Since Bandit 1.8.0 was just released, the bug template should also have 1.8.0 in its list of choices.
    @ericwb
    ericwb authored Dec 6, 2024
    Configuration menu
    Copy the full SHA
    ead6717 View commit details
    Browse the repository at this point in the history

  2. Add Mercedes-Benz to sponsor list (#1210) 

    * Add Mercedes-Benz to sponsor list

Add Mercedes-Benz to the README as one of our generous sponsors.

* Update README.rst
    @ericwb
    ericwb authored Dec 6, 2024
    Configuration menu
    Copy the full SHA
    929d597 View commit details
    Browse the repository at this point in the history

Commits on Dec 16, 2024

  1. Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#1211) 

    Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@c47758b...6524bf6)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 16, 2024
    Configuration menu
    Copy the full SHA
    8e3c928 View commit details
    Browse the repository at this point in the history

Commits on Dec 24, 2024

  1. [pre-commit.ci] pre-commit autoupdate (#1213) 

    updates:
- [github.com/asottile/pyupgrade: v3.19.0 → v3.19.1](asottile/pyupgrade@v3.19.0...v3.19.1)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    @pre-commit-ci
    pre-commit-ci[bot] authored Dec 24, 2024
    Configuration menu
    Copy the full SHA
    1abd1d7 View commit details
    Browse the repository at this point in the history

Commits on Jan 7, 2025

  1. Start testing with 3.14 alphas (#1189) 

    * Test with official 3.13 and 3.14 alphas

This change updates the unit testing to use the official
Python 3.13 released yesterday (Oct 7). It also starts
testing against the alpha versions of Python 3.14 to
catch potential problems early before it is officially released.

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>

* Update setup.cfg

* Update setup.cfg

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>

---------

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
    @ericwb
    ericwb authored Jan 7, 2025
    Configuration menu
    Copy the full SHA
    13d3406 View commit details
    Browse the repository at this point in the history

  2. Remove lxml (B320 & B410) from blacklist (#1212) 

    * remove B320 (xml_bad_etree) and B410 (import_lxml)

* restore lxml documentation and denote removal

* fix missing newline

Co-authored-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com>

---------

Co-authored-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com>
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
    @djbrown @sigmavirus24 @ericwb
    3 people authored Jan 7, 2025
    Configuration menu
    Copy the full SHA
    e4da0b3 View commit details
    Browse the repository at this point in the history

Commits on Jan 12, 2025

  1. Clarify "getting started" docs (#963) 

    * Clarify "getting started" docs

This makes it clearer that you don't need to use both virtualenv and venv at the same time

* Update doc/source/start.rst

---------

Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
    @Flimm @lukehinds @ericwb
    3 people authored Jan 12, 2025
    Configuration menu
    Copy the full SHA
    e58379c View commit details
    Browse the repository at this point in the history
Loading