Bump bandit from 1.6.2 to 1.7.0

[dependabot]

Bumps bandit from 1.6.2 to 1.7.0.

Release notes

Sourced from bandit's releases.

1.7.0

• Remove blacklist call to input() (#662) @ericwb
• Create CODEOWNERS (#661) @ericwb
• Remove universal support on the wheel (#655) @ericwb
• Give some tips on how to resolve B101 in the doc (#616) @xuhdev

See full changelog

1.6.3

• Add workflow to publish to PyPI (#653) @ericwb
• GitHub Action to publish to Test PyPI (#652) @ericwb
• Fix # noqa rendering in docs (#645) @DrGFreeman
• Don't show progress information on --quiet (#641) @fniessink
• Add skip configuration to assert_used (#633) @wilbertom
• Drop Python2 build, test, and install (#615) @ericwb
• Add release notes project URL (#610) @scop
• [FIX] blacklist: fix typo in import_ftplib (#601) @Yenthe666
• Resolve 'NoneType' object has no attribute 'id'Traceback in django_mark_safe (#598) @ehooo
• Update CODE_OF_CONDUCT.md (#591) @ericwb
• Fix typo for activating venv (#590) @bavedarnow
• Bump pyyaml (#588) @dosisod
• Fix colorama not being disabled after being used (#586) @adambenali
• Cleanup some typos in recent contributor guide (#585) @ericwb
• [DOC] Support python3 venv creation (#583) @look4regev
• Fix contributing typo (#582) @Glyphack
• Add contributing file (#572) @Glyphack
• Add push and pull request to GH Action trigger (#567) @ericwb
• Use GitHub Actions to run CI (#565) @ericwb
• Add sha1 to the list of insecure hashes (#561) @ericwb
• replace 'then' with 'than' (#557) @pwoolvett
• Fix docs for B610,B611,B703 (#555) @amacfie
• Add a section explaining "nosec" (#554) @exhuma
• Add official support of Python 3.8 (#547) @ericwb
• Ignore common directories by default (#544) @ericwb
• Add shelve to the pickle blacklists (#542) @auscompgeek
• Add more missing ini options (#541) @ericwb
• Revert "Revert "Update python documentation links for version 3 counterparts"" (#540) @ericwb
• Remove unused bindep.txt file (#539) @ericwb
• Remove obsolete "sudo" keyword. (#538) @jugmac00
• Update test requirements to latest versions (#535) @ericwb
• Fix readme file on Extending Bandit on list things (#534) @Aurel10
• fix the documentation file README.rst (#533) @Aurel10

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[xuhdev]

PyCQA/bandit#657 hasn't been fixed yet. Skip this version. Closing now.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[edwardleardi]

Surprised they still didn't fix this, seems like a big bug. Also their repo says it passing all their tests, so they're not testing the .bandit file? :O

[xuhdev]

They have passed all tests, looks like they just didn't test this part

[xuhdev]

I'm also a bit surprised because this is not even some edge case -- the bug is probably encountered by a significant portion of users for very basic usage and a new release still didn't fix this.

[edwardleardi]

you'd think a package that's focused on boosting security and reducing vulnerabilities in your code would be more on top of their own bugs 🙈