Comparing changes

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.10.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@4f58ea7...48aba3b) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Since Bandit 1.8.0 was just released, the bug template should also have 1.8.0 in its list of choices.

* Add Mercedes-Benz to sponsor list Add Mercedes-Benz to the README as one of our generous sponsors. * Update README.rst

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@c47758b...6524bf6) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

updates: - [github.com/asottile/pyupgrade: v3.19.0 → v3.19.1](asottile/pyupgrade@v3.19.0...v3.19.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

* Test with official 3.13 and 3.14 alphas This change updates the unit testing to use the official Python 3.13 released yesterday (Oct 7). It also starts testing against the alpha versions of Python 3.14 to catch potential problems early before it is officially released. Signed-off-by: Eric Brown <[email protected]> * Update setup.cfg * Update setup.cfg Signed-off-by: Eric Brown <[email protected]> --------- Signed-off-by: Eric Brown <[email protected]>

* remove B320 (xml_bad_etree) and B410 (import_lxml) * restore lxml documentation and denote removal * fix missing newline Co-authored-by: Ian Stapleton Cordasco <[email protected]> --------- Co-authored-by: Ian Stapleton Cordasco <[email protected]> Co-authored-by: Eric Brown <[email protected]>

* Clarify "getting started" docs This makes it clearer that you don't need to use both virtualenv and venv at the same time * Update doc/source/start.rst --------- Co-authored-by: Luke Hinds <[email protected]> Co-authored-by: Eric Brown <[email protected]>

Revert "Start testing with 3.14 alphas (#1189)" This reverts commit 13d3406.

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.11.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@48aba3b...b32b51a) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.11.0 to 6.12.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@b32b51a...67a2d40) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@67a2d40...ca877d9) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [pre-commit.ci] pre-commit autoupdate updates: - [github.com/psf/black-pre-commit-mirror: 24.10.0 → 25.1.0](psf/black-pre-commit-mirror@24.10.0...25.1.0) * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

The bug template should include a drop down selection for newly released Bandit versions 1.8.1 and 1.8.2.

* Add markupsafe.Markup XSS plugin * Apply suggestions from code review Co-authored-by: Eric Brown <[email protected]> --------- Co-authored-by: Eric Brown <[email protected]>

When a user gives a test ID to include or skip, the current behavior raises an exception and exits the process. However, when tests end up getting deprecated and eventually removed, it is a lot more user friendly to simple present a warning to the user that the test ID given wasn't found rather than a hard error and exit. Fixes: #1228 Signed-off-by: Eric Brown <[email protected]>

* B107: Skip None values in hardcoded password detection The B107 check was incorrectly flagging None default values as hardcoded passwords in function definitions. This is a false positive since None is a legitimate and commonly used within __init__ initialization This change modifies the hardcoded_password_default function to: - Skip None values in parameter defaults - Handle both ast.Constant (Python 3.8+) and ast.NameConstant (Python 3.7-) representations of None - Update documentation to clarify None handling behavior Example of code that no longer triggers B107: def __init__(self, auth_scheme, auth_password=None): pass Fixes ##1227 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

* Fix pytorch weights check * B614: Fix PyTorch plugin to handle weights_only parameter correctly The PyTorch plugin (B614) has been updated to properly handle the weights_only parameter in torch.load calls. When weights_only=True is specified, PyTorch will only deserialize known safe types, making the operation more secure. I also removed torch.save as there is no certain insecure element as such, saving any file or artifact requires consideration of what it is you are saving. Changes: - Update plugin to only check torch.load calls (not torch.save) - Fix weights_only check to handle both string and boolean True values - Remove map_location check as it doesn't affect security - Update example file to demonstrate both safe and unsafe cases - Update plugin documentation to mention weights_only as a safe alternative The plugin now correctly identifies unsafe torch.load calls while allowing safe usage with weights_only=True to pass without warning. Fixes: #1224 * Fix E501 line too long * Rename files to new test scope * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update doc/source/plugins/b614_pytorch_load.rst Co-authored-by: Eric Brown <[email protected]> * Update pytorch_load.py --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Brown <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Comparing changes

Open a pull request

Commits on Dec 2, 2024

Commits on Dec 6, 2024

Commits on Dec 16, 2024

Commits on Dec 24, 2024

Commits on Jan 7, 2025

Commits on Jan 12, 2025

Commits on Jan 13, 2025

Commits on Jan 20, 2025

Commits on Jan 27, 2025

Commits on Feb 4, 2025

Commits on Feb 5, 2025

Commits on Feb 10, 2025

Commits on Feb 16, 2025

This comparison is taking too long to generate.

Uh oh!