chore(deps): update dependency bandit to >=1.9.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bandit (source, changelog)	>=1.9.2 → >=1.9.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

PyCQA/bandit (bandit)

v1.9.3

Compare Source

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1335
• Fix B608 to detect VALUES( without space by @​kfess in #​1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in #​1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1341
• Update tox tests for Python 3.10 by @​willschlitzer in #​1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​1347
• Limit B614 to torch.load deserializers by @​dibussoc in #​1348

New Contributors

• @​kfess made their first contribution in #​1337
• @​alanverresen made their first contribution in #​1338
• @​willschlitzer made their first contribution in #​1346
• @​dibussoc made their first contribution in #​1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

PR Review

Type: Dependency update (automated)

Summary: Updates bandit security scanner from >=1.9.2 to >=1.9.3.

✅ Approval

This is a clean dependency update with no code quality, security, or regression concerns:

• Changes: Only version bumps in pyproject.toml and uv.lock
• Security: Updates include improved SQL injection detection (B608) and hardcoded password detection
• Breaking changes: None
• Performance: No impact
• Regressions: Unlikely - bandit is a dev dependency for security scanning

📝 Notes

The bandit 1.9.3 update adds:

• Better SQL injection detection for VALUES clauses
• Hardcoded password detection in dicts
• More precise torch.load deserializer checks (B614)

Recommendation: ✅ Safe to merge