What's Changed
- Add an example screen shot of Bandit to README by @ericwb in #847
- Bad link to screen shot by @ericwb in #848
- Use a constant for weak hashes by @ericwb in #850
- Group location line with code output by @ericwb in #822
- Fix line range using Python 3.8 end_lineno by @ericwb in #821
- Add classifier to indicate Py3 only by @ericwb in #853
- Removal of blacklist call B309 httpsconnection by @ericwb in #858
- Remove blacklist call check for os.tempnam by @ericwb in #859
- Indicate hash type in message by @ericwb in #860
- Add the httpx module check for verify by @ericwb in #861
- Add doc for hashlib plugin by @ericwb in #862
- Make use of rich for progress bar by @ericwb in #863
- Replace `toml` with `tomli` by @mkniewallner in #829
- Fix up B109 and B111 removed plugins docs by @ericwb in #864
- add check for "requests" calls without timeout by @mschfh in #743
- Fix for build breaks in format job by @ericwb in #869
- Add license and contributing links to docs by @ericwb in #867
- Remove redundant word Bandit in titles of sections by @ericwb in #873
- Add request for feedback via 👍 by @ericwb in #871
- Add a Discord link to the docs by @ericwb in #870
- Adding logging.config.listen() plugin with examples by @raj3shp in #874
- Removal of ghugo by @ericwb in #881
- Remove redundant pip line by @ericwb in #884
- Corrected documentation on configuration by @a-takahashi223 in #868
- Start testing against Python 3.11 by @mkniewallner in #887
- Add myself to sponsor list by @ericwb in #885
- Add Discord link to README by @ericwb in #875
- Update action versions in Actions workflows (#890) by @mportesdev in #893
- Add dependency review action by @ericwb in #891
- Fix an unclosed tag in HTML formatter by @mportesdev in #896
- 'Test plugin listing' in docs incorrectly pointing B612 to plugin ref of B102 by @rajaramsrn in #897
- Make small fixes in docs by @mportesdev in #899
- Specify semver range for Python 3.11 by @mportesdev in #901
- Add another bad example of yaml load by @ericwb in #905
- Add releases link in "Version control integration" by @travisjungroth in #909
- Update version of dependency-review-action by @mportesdev in #911
- Avoid redundant message if debug on by @ericwb in #913
- Remove invalid checking on hashlib by @ericwb in #914
- Add some missing curve types by @ericwb in #920
- add jsonpickle deserialization blacklist by @SugarP1g in #707
- Fix reading the number argument from config file by @KAUTH in #923
- Add end_col_offset if available by @ericwb in #851
- Enhancement Proposal: Plugin "assert_used" config-skip snippet by @marianomartinelli in #695
- Blacklist pandas read_pickle and add functional test for it by @jaspersival in #710
- Docs for request without timeout has dead link by @ericwb in #925
- Add case for global exec by @tonybaloney in #570
- Fix a false positive condition yaml_load by @ericwb in #927
- Fix issue #453 jinja2 template select_autoescape when using jinja2.select_autoescape by @kinow in #454
- Adding tarfile.extractall() plugin with examples by @yilmi in #549
- Check for deprecated TLS 1.1 by @ericwb in #928
- weak_cryptographic_key assumes positional arg by @ericwb in #930
- Fix filename of B202 in docs by @mportesdev in #932
- Remove python 2 reference in docs by @ericwb in #933
- Pass correct number of arguments to match the `%s` placeholders by @mportesdev in #934
- Fixup some invalid pickle testing by @ericwb in #924
- Fix json and yaml formatters to respect num lines by @ericwb in #929
- Fix AttributeError on detect of tuple assign condition by @ericwb in #931
- [docs] Mention `exclude_dirs` option available in TOML and YAML by @bittner in #876
- Typo fix by @PermanAtayev in #945
- remove py2 exec example in docs by @clavedeluna in #947
- Add official Python 3.11 support by @ericwb in #964
- DOC: Add explanation on how to use pre-commit with config file by @phofl in #968
- Fix breaking build due to new tox by @ericwb in #983
- Correct build status badge in README by @gliptak in #980
- Improve detecting SQL injections in f-strings by @kfrydel in #917
- Improve handling nosec for multi-line strings by @kfrydel in #915
- Check for github action updates monthly by @jlosito in #989
- Added a bit more `project_urls` by @KOLANICH in #985
New Contributors
- @mschfh made their first contribution in #743
- @raj3shp made their first contribution in #874
- @a-takahashi223 made their first contribution in #868
- @mportesdev made their first contribution in #893
- @rajaramsrn made their first contribution in #897
- @travisjungroth made their first contribution in #909
- @SugarP1g made their first contribution in #707
- @KAUTH made their first contribution in #923
- @marianomartinelli made their first contribution in #695
- @jaspersival made their first contribution in #710
- @kinow made their first contribution in #454
- @yilmi made their first contribution in #549
- @PermanAtayev made their first contribution in #945
- @clavedeluna made their first contribution in #947
- @phofl made their first contribution in #968
- @gliptak made their first contribution in #980
- @kfrydel made their first contribution in #917
- @jlosito made their first contribution in #989
- @KOLANICH made their first contribution in #985
Full Changelog: 1.7.4...1.7.5