build(deps-dev): bump bandit from 1.8.3 to 1.8.6
Merged
Number: #134
Type: Pull Request
State: Merged
Type: Pull Request
State: Merged
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Contributor
Comments: 1
dependabot[bot]Association: Contributor
Comments: 1
Created:
July 07, 2025 at 09:17 PM UTC
(11 months ago)
(11 months ago)
Updated:
July 22, 2025 at 12:31 PM UTC
(11 months ago)
(11 months ago)
Merged:
July 22, 2025 at 12:31 PM UTC
(11 months ago)
by dependabot[bot]
(11 months ago)
by dependabot[bot]
Time to Close:
15 days
Labels:
dependencies python
dependencies python
Description:
Bumps bandit from 1.8.3 to 1.8.6.
Release notes
Sourced from bandit's releases.
1.8.6
What's Changed
- Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by
@dependabotin PyCQA/bandit#1279- Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by
@dependabotin PyCQA/bandit#1278- added hint to FreeBSD package in doc/source/integrations.rst by
@daniel-mohrin PyCQA/bandit#1282- Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by
@dependabotin PyCQA/bandit#1284- Huggingface revision pinning by
@lukehindsin PyCQA/bandit#1281New Contributors
@daniel-mohrmade their first contribution in PyCQA/bandit#1282Full Changelog: https://github.com/PyCQA/bandit/compare/1.8.5...1.8.6
1.8.5
What's Changed
- Fix the rendering of the CI/CD doc by
@ericwbin PyCQA/bandit#1274- Fix for publish to PyPI failure by
@ericwbin PyCQA/bandit#1273Full Changelog: https://github.com/PyCQA/bandit/compare/1.8.4...1.8.5
1.8.4
What's Changed
- Add more random functions to B311 check by
@aripollakin PyCQA/bandit#1235- Metadata: rename classifier to classifiers by
@ericwbin PyCQA/bandit#1237- Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by
@dependabotin PyCQA/bandit#1239- Bump docker/build-push-action from 6.13.0 to 6.14.0 by
@dependabotin PyCQA/bandit#1238- Bump docker/build-push-action from 6.14.0 to 6.15.0 by
@dependabotin PyCQA/bandit#1240- Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by
@dependabotin PyCQA/bandit#1241- Bump docker/login-action from 3.3.0 to 3.4.0 by
@dependabotin PyCQA/bandit#1245- Bump bandit version in bug template by
@ericwbin PyCQA/bandit#1247- Fix traceback from trojansource plugin by
@ericwbin PyCQA/bandit#1248- Ensure the man page is built by
@ericwbin PyCQA/bandit#1257- Update documentation to cover
--severity-leveland--confidence-levelby@bmosin PyCQA/bandit#1254- Use license property in lieu of classifier by
@ericwbin PyCQA/bandit#1259- Fix up some of the warnings when building docs by
@ericwbin PyCQA/bandit#1258- Add a doc describing various integrations by
@ericwbin PyCQA/bandit#1253- Use ubuntu latest for readthedocs build by
@ericwbin PyCQA/bandit#1260- Bump docker/build-push-action from 6.15.0 to 6.16.0 by
@dependabotin PyCQA/bandit#1261- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by
@dependabotin PyCQA/bandit#1262- Remove etc from list of temp paths by
@ericwbin PyCQA/bandit#1263- Bump docker/build-push-action from 6.16.0 to 6.17.0 by
@dependabotin PyCQA/bandit#1265- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin PyCQA/bandit#1266- Bump docker/build-push-action from 6.17.0 to 6.18.0 by
@dependabotin PyCQA/bandit#1268- add github-actions documentation by
@Killpitin PyCQA/bandit#1172New Contributors
@aripollakmade their first contribution in PyCQA/bandit#1235@bmosmade their first contribution in PyCQA/bandit#1254@Killpitmade their first contribution in PyCQA/bandit#1172
... (truncated)
Commits
2d0b675Huggingface revision pinning (#1281)4cd1337Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 (#1284)ffed1bbadded hint to FreeBSD package in doc/source/integrations.rst (#1282)090ba0fBump docker/setup-buildx-action from 3.10.0 to 3.11.1 (#1278)33c6789Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#1279)23d269aFix for publish to PyPI failure (#1273)e3ff8b5Fix the rendering of the CI/CD doc (#1274)61d1667add github-actions documentation (#1172)cea2b1cBump docker/build-push-action from 6.17.0 to 6.18.0 (#1268)2d577a6[pre-commit.ci] pre-commit autoupdate (#1266)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
1
Files Changed:
1
1
Additions:
+3
+3
Deletions:
-3
-3
Package Dependencies
Technical Details
| ID: | 2931202 |
| UUID: | 2647899929 |
| Node ID: | PR_kwDOMgx1_s6d078Z |
| Host: | GitHub |
| Repository: | gardenlinux/python-gardenlinux-lib |
| Merge State: | Unknown |