build(deps): bump bandit from 1.7.1 to 1.7.6

[dependabot[bot]]

Bumps bandit from 1.7.1 to 1.7.6.

Release notes

Sourced from bandit's releases.

1.7.5

What's Changed

• Add an example screen shot of Bandit to README by @​ericwb in PyCQA/bandit#847
• Bad link to screen shot by @​ericwb in PyCQA/bandit#848
• Use a constant for weak hashes by @​ericwb in PyCQA/bandit#850
• Group location line with code output by @​ericwb in PyCQA/bandit#822
• Fix line range using Python 3.8 end_lineno by @​ericwb in PyCQA/bandit#821
• Add classifier to indicate Py3 only by @​ericwb in PyCQA/bandit#853
• Removal of blacklist call B309 httpsconnection by @​ericwb in PyCQA/bandit#858
• Remove blacklist call check for os.tempnam by @​ericwb in PyCQA/bandit#859
• Indiciate hash type in message by @​ericwb in PyCQA/bandit#860
• Add the httpx module check for verify by @​ericwb in PyCQA/bandit#861
• Add doc for hashlib plugin by @​ericwb in PyCQA/bandit#862
• Make use of rich for progress bar by @​ericwb in PyCQA/bandit#863
• Replace toml with tomli by @​mkniewallner in PyCQA/bandit#829
• Fix up B109 and B111 removed plugins docs by @​ericwb in PyCQA/bandit#864
• add check for "requests" calls without timeout by @​mschfh in PyCQA/bandit#743
• Fix for build breaks in format job by @​ericwb in PyCQA/bandit#869
• Add license and contributing links to docs by @​ericwb in PyCQA/bandit#867
• Remove redundant word Bandit in titles of sections by @​ericwb in PyCQA/bandit#873
• Add request for feedback via 👍 by @​ericwb in PyCQA/bandit#871
• Add a Discord link to the docs by @​ericwb in PyCQA/bandit#870
• Adding logging.config.listen() plugin with examples by @​raj3shp in PyCQA/bandit#874
• Removal of ghugo by @​ericwb in PyCQA/bandit#881
• Remove redundant pip line by @​ericwb in PyCQA/bandit#884
• Corrected documentation on configuration by @​a-takahashi223 in PyCQA/bandit#868
• Start testing against Python 3.11 by @​mkniewallner in PyCQA/bandit#887
• Add myself to sponsor list by @​ericwb in PyCQA/bandit#885
• Add Discord link to README by @​ericwb in PyCQA/bandit#875
• Update action versions in Actions workflows (#890) by @​mportesdev in PyCQA/bandit#893
• Add dependency review action by @​ericwb in PyCQA/bandit#891
• Fix an unclosed tag in HTML formatter by @​mportesdev in PyCQA/bandit#896
• 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @​rajaramsrn in PyCQA/bandit#897
• Make small fixes in docs by @​mportesdev in PyCQA/bandit#899
• Specify semver range for Python 3.11 by @​mportesdev in PyCQA/bandit#901
• Add another bad example of yaml load by @​ericwb in PyCQA/bandit#905
• Add releases link in "Version control integration" by @​travisjungroth in PyCQA/bandit#909
• Update version of dependency-review-action by @​mportesdev in PyCQA/bandit#911
• Avoid redundant message if debug on by @​ericwb in PyCQA/bandit#913
• Remove invalid checking on hashlib by @​ericwb in PyCQA/bandit#914
• Add some missing curve types by @​ericwb in PyCQA/bandit#920
• add jsonpickle deserialization blacklist by @​SugarP1g in PyCQA/bandit#707
• Fix reading the number argument from config file by @​KAUTH in PyCQA/bandit#923
• Add end_col_offset if available by @​ericwb in PyCQA/bandit#851
• Enhancement Proposal: Plugin "assert_used" config-skip snippet by @​marianomartinelli in PyCQA/bandit#695
• Blacklist pandas read_pickle and add functional test for it by @​jaspersival in PyCQA/bandit#710
• Docs for request without timeout has dead link by @​ericwb in PyCQA/bandit#925
• Add case for global exec by @​tonybaloney in PyCQA/bandit#570
• Fix a false positive condition yaml_load by @​ericwb in PyCQA/bandit#927
• Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape by @​kinow in PyCQA/bandit#454

... (truncated)

Commits

• f3a18ab Fixes for sphinx build (#1063)
• 4dea02e refactor: remove importlib-metadata fallback (#1066)
• 0d35086 Fix crash on pyproject.toml without bandit config (#1073)
• 6b2e247 Add official support of Python 3.12 (#1068)
• 9a2884e Use mirror repository for black pre-commit hook (#1070)
• 6969489 fix(plugins/B507): also detect class instances (#1064)
• 02faada Fix for ReadtheDocs build (#1061)
• f016e50 Bump actions/checkout from 3 to 4 (#1058)
• 0f49be7 Fix dependabot to update github actions (#1057)
• 6d1d11c Support ignoring blacklists by name (#1046)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)