./security/py-bandit, Security oriented static analyser for Python code



Branch: CURRENT, Version: 1.7.10, Package name: py312-bandit-1.7.10, Maintainer: pkgsrc-users

Bandit is a tool designed to find common security issues in Python code. To do
this, Bandit processes each file, builds an AST from it, and runs the appropriate
plugins against the AST nodes. Once Bandit has finished scanning all the files,
it generates a report.
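The pipeline described above (parse to AST, run node-level plugins, collect issues, emit a report) in miniature, as an added example that is not Bandit's own code. It uses only the standard library `ast` module and re-implements a handful of the checks named in the changelog entries below: `os.system`/`os.popen` shell use (Bandit's B605), `subprocess` with `shell=True` (B602), `requests` or `httpx` calls without a `timeout` (B113, the check that gained httpx support in 1.7.10) and `eval` (B307). The test IDs are borrowed from Bandit's numbering and the severity/confidence labels approximate Bandit's; the input module `SAMPLE` is constructed for the example.

```python
"""Minimal Bandit-style static scanner (added example, not Bandit's code)."""
import ast
from collections import Counter
from dataclasses import dataclass


@dataclass
class Issue:
    test_id: str
    severity: str      # HIGH / MEDIUM / LOW, approximating Bandit's labels
    confidence: str
    lineno: int
    text: str


# Call targets each plugin cares about (hypothetical subsets of Bandit's lists).
SHELL_SUBPROCESS = {"subprocess.Popen", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.run"}
SHELL_OS = {"os.system", "os.popen"}
HTTP_CALLS = {f"{lib}.{m}" for lib in ("requests", "httpx")
              for m in ("get", "post", "put", "patch", "delete", "head", "options", "request")}


def _qualname(node):
    """Dotted name of a call target: Name -> 'eval', Attribute chain -> 'os.system'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # e.g. "...".format(): target is not a plain name


def _kw(call, name):
    """Return the AST value of keyword argument `name`, or None if absent."""
    return next((kw.value for kw in call.keywords if kw.arg == name), None)


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


# --- plugins: each takes (ast.Call node, dotted target name) and returns Issue or None ---

def subprocess_shell_true(node, name):
    if name not in SHELL_SUBPROCESS:
        return None
    shell = _kw(node, "shell")
    if not (isinstance(shell, ast.Constant) and shell.value is True):
        return None
    dynamic = bool(node.args) and not _is_str_literal(node.args[0])
    return Issue("B602", "HIGH" if dynamic else "LOW", "HIGH", node.lineno,
                 f"{name} called with shell=True")


def os_shell(node, name):
    if name not in SHELL_OS:
        return None
    dynamic = bool(node.args) and not _is_str_literal(node.args[0])
    return Issue("B605", "HIGH" if dynamic else "LOW", "HIGH", node.lineno,
                 f"{name} starts a process with a shell")


def http_without_timeout(node, name):
    if name not in HTTP_CALLS or _kw(node, "timeout") is not None:
        return None
    return Issue("B113", "MEDIUM", "LOW", node.lineno, f"{name} call without a timeout")


def eval_call(node, name):
    if name != "eval":
        return None
    return Issue("B307", "MEDIUM", "HIGH", node.lineno, "use of eval")


# Registry keyed by AST node type, in the spirit of Bandit's @checks('Call') plugins.
CHECKS = {ast.Call: [subprocess_shell_true, os_shell, http_without_timeout, eval_call]}


def scan_source(source, filename="<string>"):
    """Parse `source`, run every registered plugin over matching nodes, return Issues."""
    tree = ast.parse(source, filename)
    issues = []
    for node in ast.walk(tree):
        for check in CHECKS.get(type(node), ()):
            found = check(node, _qualname(node.func))
            if found:
                issues.append(found)
    return sorted(issues, key=lambda i: i.lineno)


def format_report(issues):
    """Plain-text report: one line per finding plus a severity summary."""
    lines = [f"{i.test_id} [{i.severity}/{i.confidence}] line {i.lineno}: {i.text}" for i in issues]
    counts = Counter(i.severity for i in issues)
    lines.append(f"Total issues: {len(issues)} "
                 f"(HIGH={counts['HIGH']}, MEDIUM={counts['MEDIUM']}, LOW={counts['LOW']})")
    return "\n".join(lines)


# Constructed sample module exercising each plugin (line numbers start at the blank line 1).
SAMPLE = '''
import os, subprocess, requests, httpx

def run(user_cmd, url):
    os.system("ls -l")                      # B605, constant command: LOW
    os.system("ls " + user_cmd)             # B605, attacker-influenced: HIGH
    subprocess.call(user_cmd, shell=True)   # B602: HIGH
    subprocess.run(["ls", "-l"])            # argv list, no shell: not flagged
    requests.get(url)                       # B113: MEDIUM
    requests.get(url, timeout=5)            # timeout present: not flagged
    httpx.post(url, json={})                # B113 (httpx): MEDIUM
    return eval(user_cmd)                   # B307: MEDIUM
'''

if __name__ == "__main__":
    print(format_report(scan_source(SAMPLE, "sample.py")))
```

The point to notice is where the severity comes from: the same `os.system` call is LOW when its argument is a string literal and HIGH when it is built from a variable, which is exactly the kind of AST-shape reasoning (rather than regex matching on text) that lets a scanner like this cut false positives. Real Bandit adds many more plugins, per-plugin configuration, and a baseline mode; this block only shows the skeleton.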


Master sites:

Filesize: 4129.434 KB

CVS history:


   2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862)
Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays
   2024-10-14 08:46:10 by Thomas Klausner | Files touched by this commit (325)
Log message:
*: clean-up after python38 removal
   2024-10-03 11:04:02 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-bandit: updated to 1.7.10

1.7.10

* Pytorch Load / Save Plugin
* Use consistent file naming of docs
* Bump docker/build-push-action from 6.6.1 to 6.7.0
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0
* Bump docker/build-push-action from 6.5.0 to 6.6.1
* Bump docker/setup-buildx-action from 3.5.0 to 3.6.1
* Bump docker/build-push-action from 6.3.0 to 6.5.0
* Bump docker/login-action from 3.2.0 to 3.3.0
* Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
* Bump docker/setup-buildx-action from 3.3.0 to 3.4.0
* Bump docker/build-push-action from 6.2.0 to 6.3.0
* Bump docker/build-push-action from 6.1.0 to 6.2.0
* Add recent releases to version choice in bug report
* Nit: remove unused variable
* feat(plugins): add support for `httpx` in `B113`
* Bump docker/build-push-action from 6.0.0 to 6.1.0
* New check: B113: TrojanSource - Bidirectional control characters
* Add test for usage of FTP_TLS
* Performance improvement in blacklist function
* Suggested small refactors in assignments
* Bump docker/build-push-action from 5.4.0 to 6.0.0
   2024-06-13 07:03:15 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-bandit: updated to 1.7.9

1.7.9
-----

* Support `configfile` in `.bandit` file
* Bump docker/build-push-action from 5.3.0 to 5.4.0
* Guard against empty call argument list
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/login-action from 3.1.0 to 3.2.0
* Ensure sarif extra is included as part of doc build
* Add a sponsor section to README
* [pre-commit.ci] pre-commit autoupdate
* Updates banner logo so it renders well in dark mode
* [pre-commit.ci] pre-commit autoupdate
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/login-action from 3.0.0 to 3.1.0
* Bump docker/setup-buildx-action from 3.1.0 to 3.2.0
* Bump docker/build-push-action from 5.2.0 to 5.3.0
* Start testing on Python 3.13
* New logo for Bandit based on raccoon
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/build-push-action from 5.1.0 to 5.2.0
   2024-03-09 07:56:18 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-bandit: updated to 1.7.8

1.7.8

* Add a SARIF output formatter
* [B605] Add functions that are vulnerable to shell injection.
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
* filter data is safe for tarfile extractall
* Use datetime to avoid updating copyright year
* Add 1.7.7 to versions of bug template
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
* Utilize PyPI's trusted publishing
* Incorrect tag naming in readme
   2024-02-14 04:37:57 by David H. Gutteridge | Files touched by this commit (1)
Log message:
py-bandit: py-setuptools is also a tool dependency (fix builds)
   2024-01-24 07:50:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-bandit: updated to 1.7.7

1.7.7

* Downsize the org:repo name
* Remove markdown formatting in reStructuredText formatted README
* Introduce Official Bandit Images
* Bump actions/dependency-review-action from 3 to 4
* Rework GitPython dependency to be an extra for bandit-baseline
* Prepend ./ for files specified as CLI args
* Add random.randbytes to blacklist calls
* Fix up issues found running Bandit on itself
* Create a security policy
* Add tidelift to the sponsor funding list
* defusedxml: Show correct module name
* Flag str.replace as possible sql injection
* Handle variant in how policy is passed in paramiko
* Bump actions/setup-python from 4 to 5
* Add the new release to bandit versions of bug template
   2023-12-17 09:36:01 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-bandit: add missing tool