1.7.7
What's Changed
- Add the new release to bandit versions of bug template by @ericwb in #1075
- Bump actions/setup-python from 4 to 5 by @dependabot in #1076
- Handle variant in how policy is passed in paramiko by @ericwb in #1078
- Flag str.replace as possible sql injection by @costaparas in #1044
- defusedxml: Show correct module name by @kajinamit in #1081
- Add tidelift to the sponsor funding list by @ericwb in #1089
- Create a security policy by @ericwb in #1091
- Fix up issues found running Bandit on itself by @ericwb in #1093
- Add random.randbytes to blacklist calls by @ericwb in #1096
- Prepend ./ for files specified as CLI args by @ericwb in #1094
- Rework GitPython dependency to be an extra for bandit-baseline by @ericwb in #1099
- Bump actions/dependency-review-action from 3 to 4 by @dependabot in #1101
- Introduce Official Bandit Images by @lukehinds in #1088
- Remove markdown formatting in reStructuredText formatted README by @ericwb in #1103
- Downsize the org:repo name by @lukehinds in #1104
New Contributors
- @kajinamit made their first contribution in #1081
Full Changelog: 1.7.6...1.7.7