uds
uds copied to clipboard
Published
20 hours ago •
mdabrowski1990
mdabrowski1990
Bump bandit from 1.7.7 to 1.7.8
Bumps bandit from 1.7.7 to 1.7.8.
Release notes
Sourced from bandit's releases.
1.7.8
What's Changed
- Incorrect tag naming in readme by
@lukehindsin PyCQA/bandit#1105- Utilize PyPI's trusted publishing by
@ericwbin PyCQA/bandit#1107- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by
@dependabotin PyCQA/bandit#1109- Add 1.7.7 to versions of bug template by
@ericwbin PyCQA/bandit#1110- Use datetime to avoid updating copyright year by
@ericwbin PyCQA/bandit#1112- filter data is safe for tarfile extractall by
@etienneschalkin PyCQA/bandit#1111- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by
@dependabotin PyCQA/bandit#1115- [B605] Add functions that are vulnerable to shell injection. by
@shihai1991in PyCQA/bandit#1116- Add a SARIF output formatter by
@ericwbin PyCQA/bandit#1113New Contributors
@etienneschalkmade their first contribution in PyCQA/bandit#1111@shihai1991made their first contribution in PyCQA/bandit#1116Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8
Commits
22b4226Add a SARIF output formatter (#1113)b603dce[B605] Add functions that are vulnerable to shell injection. (#1116)a682a18Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#1115)c8d5f77filter data is safe for tarfile extractall (#1111)e041e12Use datetime to avoid updating copyright year (#1112)5b16b6aAdd 1.7.7 to versions of bug template (#1110)858bfd8Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1109)be5d6acUtilize PyPI's trusted publishing (#1107)c3a07e5Incorrect tag naming in readme (#1105)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 100.00%. Comparing base (
15ab1d5) to head (7ffc19b).
Additional details and impacted files
@@ Coverage Diff @@
## main #263 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 39 39
Lines 2346 2346
=========================================
Hits 2346 2346
| Flag | Coverage Δ | |
|---|---|---|
| integration-tests | 87.97% <ø> (ø) |
|
| unit-tests | 100.00% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}