Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-bandit for openSUSE:Factory checked in at 2024-11-13 15:28:43

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-bandit (Old)
 and      /work/SRC/openSUSE:Factory/.python-bandit.new.2017 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-bandit"

Wed Nov 13 15:28:43 2024 rev:15 rq:1223777 version:1.7.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-bandit/python-bandit.changes      2023-12-15 21:50:43.917755640 +0100
+++ /work/SRC/openSUSE:Factory/.python-bandit.new.2017/python-bandit.changes    2024-11-13 15:29:14.563671798 +0100
@@ -1,0 +2,87 @@ +Tue Nov 12 17:04:57 UTC 2024 - Matej Cepl <mc...@cepl.eu> + +- Add missing BRs and establish Requires according to pyproject.toml. + +------------------------------------------------------------------- +Fri Nov 8 09:21:01 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaub...@suse.com> + +- Update to 1.7.10 + * Bump docker/build-push-action from 5.4.0 to 6.0.0 + * Suggested small refactors in assignments + * Performance improvement in blacklist function + * Add test for usage of FTP_TLS + * New check: B113: TrojanSource - Bidirectional control characters + * Bump docker/build-push-action from 6.0.0 to 6.1.0 + * feat(plugins): add support for httpx in B113 + * Nit: remove unused variable + * Add recent releases to version choice in bug report + * Bump docker/build-push-action from 6.1.0 to 6.2.0 + * Bump docker/build-push-action from 6.2.0 to 6.3.0 + * Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 + * Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 + * Bump docker/login-action from 3.2.0 to 3.3.0 + * Bump docker/build-push-action from 6.3.0 to 6.5.0 + * Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 + * Bump docker/build-push-action from 6.5.0 to 6.6.1 + * Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 + * Bump docker/build-push-action from 6.6.1 to 6.7.0 + * Use consistent file naming of docs + * Pytorch Load / Save Plugin +- from version 1.7.9 + * Bump docker/build-push-action from 5.1.0 to 5.2.0 + * [pre-commit.ci] pre-commit autoupdate + * New logo for Bandit based on raccoon + * Start testing on Python 3.13 + * Bump docker/build-push-action from 5.2.0 to 5.3.0 + * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 + * Bump docker/login-action from 3.0.0 to 3.1.0 + * [pre-commit.ci] pre-commit autoupdate + * [pre-commit.ci] pre-commit autoupdate + * Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 + * [pre-commit.ci] pre-commit autoupdate + * Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 + * [pre-commit.ci] pre-commit 
autoupdate + * Updates banner logo so it renders well in dark mode + * [pre-commit.ci] pre-commit autoupdate + * Add a sponsor section to README + * Ensure sarif extra is included as part of doc build + * Bump docker/login-action from 3.1.0 to 3.2.0 + * [pre-commit.ci] pre-commit autoupdate + * [pre-commit.ci] pre-commit autoupdate + * Guard against empty call argument list + * Bump docker/build-push-action from 5.3.0 to 5.4.0 + * Support configfile in .bandit file +- from version 1.7.8 + * Incorrect tag naming in readme + * Utilize PyPI's trusted publishing + * Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 + * Add 1.7.7 to versions of bug template + * Use datetime to avoid updating copyright year + * filter data is safe for tarfile extractall + * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 + * [B605] Add functions that are vulnerable to shell injection + * Add a SARIF output formatter +- from version 1.7.7 + * Add the new release to bandit versions of bug template + * Bump actions/setup-python from 4 to 5 + * Handle variant in how policy is passed in paramiko + * Flag str.replace as possible sql injection + * defusedxml: Show correct module name + * Add tidelift to the sponsor funding list + * Create a security policy + * Fix up issues found running Bandit on itself + * Add random.randbytes to blacklist calls + * Prepend ./ for files specified as CLI args + * Rework GitPython dependency to be an extra for bandit-baseline + * Bump actions/dependency-review-action from 3 to 4 + * Introduce Official Bandit Images + * Remove markdown formatting in reStructuredText formatted README + * Downsize the org:repo name by +- Refresh remove-non-test-deps.patch +- Use Python 3.11 on SLE-15 by default +- Switch build system from setuptools to pyproject.toml + * Add python-pip and python-wheel to BuildRequires + * Replace %python_build with %pyproject_wheel + * Replace %python_install with %pyproject_install + 
+------------------------------------------------------------------- Old: ---- bandit-1.7.6.tar.gz New: ---- bandit-1.7.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bandit.spec ++++++ --- /var/tmp/diff_new_pack.o91sGP/_old 2024-11-13 15:29:16.679760186 +0100 +++ /var/tmp/diff_new_pack.o91sGP/_new 2024-11-13 15:29:16.691760687 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bandit # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -27,36 +27,46 @@ # CLI tool, no module %define pythons python3 %bcond_without builddocs +%{?sle15_python_module_pythons} Name: python-bandit -Version: 1.7.6 +Version: 1.7.10 Release: 0 Summary: Security oriented static analyser for Python code License: Apache-2.0 URL: https://github.com/PyCQA/bandit Source: https://files.pythonhosted.org/packages/source/b/bandit/bandit-%{version}.tar.gz Patch0: remove-non-test-deps.patch +BuildRequires: %{python_module pbr >= 2.0} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros +Requires: python-GitPython Requires: python-GitPython >= 1.0.1 +Requires: python-PyYAML Requires: python-PyYAML >= 5.3.1 +Requires: python-jschema-to-python >= 1.2.3 Requires: python-rich +Requires: python-sarif-om Requires: python-stestr >= 1.0.0 Requires: python-stevedore >= 1.20.0 +Requires: (python-tomli >= 1.2.3 if python-base < 3.11) +Requires(post): update-alternatives +Requires(postun): update-alternatives +BuildArch: noarch %if %{python_version_nodots} < 311 Requires: python-tomli %endif -Requires(post): update-alternatives -Requires(postun):update-alternatives -BuildArch: noarch %if %{with test} BuildRequires: %{python_module GitPython >= 1.0.1} BuildRequires: %{python_module PyYAML >= 5.3.1} BuildRequires: %{python_module bandit == %{version}} BuildRequires: %{python_module beautifulsoup4 >= 4.8.0} BuildRequires: %{python_module fixtures >= 3.0.0} -BuildRequires: %{python_module pbr >= 2.0} +BuildRequires: %{python_module jschema-to-python >= 1.2.3} BuildRequires: %{python_module python-subunit >= 0.0.18} -BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module sarif-om} BuildRequires: %{python_module stestr >= 2.5.0} BuildRequires: %{python_module stevedore >= 1.20.0} BuildRequires: %{python_module testrepository >= 0.0.18} 
@@ -82,12 +92,12 @@ %if !%{with test} %build -%python_build +%pyproject_wheel %endif %if !%{with test} %install -%python_install +%pyproject_install %python_expand %fdupes %{buildroot}%{$python_sitelib} %python_clone -a %{buildroot}%{_bindir}/bandit %python_clone -a %{buildroot}%{_bindir}/bandit-config-generator ++++++ bandit-1.7.6.tar.gz -> bandit-1.7.10.tar.gz ++++++ ++++ 2896 lines of diff (skipped) ++++++ remove-non-test-deps.patch ++++++ --- /var/tmp/diff_new_pack.o91sGP/_old 2024-11-13 15:29:17.463792934 +0100 +++ /var/tmp/diff_new_pack.o91sGP/_new 2024-11-13 15:29:17.499794438 +0100 @@ -1,8 +1,7 @@ -Index: bandit-1.7.5/test-requirements.txt -=================================================================== ---- bandit-1.7.5.orig/test-requirements.txt -+++ bandit-1.7.5/test-requirements.txt -@@ -1,12 +1,9 @@ +diff -Nru bandit-1.7.10.orig/test-requirements.txt bandit-1.7.10/test-requirements.txt +--- bandit-1.7.10.orig/test-requirements.txt 2024-09-23 17:33:25.000000000 +0000 ++++ bandit-1.7.10/test-requirements.txt 2024-11-08 09:03:23.050061631 +0000 +@@ -1,11 +1,8 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. @@ -12,7 +11,6 @@ stestr>=2.5.0 # Apache-2.0 testscenarios>=0.5.0 # Apache-2.0/BSD testtools>=2.3.0 # MIT - tomli>=1.1.0;python_version<"3.11" # MIT beautifulsoup4>=4.8.0 # MIT -pylint==1.9.4 # GPLv2
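Review bot: in the python-bandit.changes hunk for 1.7.10, the items "New check: B113: TrojanSource - Bidirectional control characters" and "feat(plugins): add support for httpx in B113" attach the same test ID to two different checks, so at least one of the IDs is wrong; confirm the TrojanSource plugin's ID against the upstream release notes before it is recorded in the distribution changelog. The last upstream item under 1.7.7, "Downsize the org:repo name by", is also cut off mid-sentence and should be completed or dropped.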
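Review bot: the Requires block in the python-bandit.spec hunk at @@ -27,36 +27,46 @@ ends up with duplicate and inconsistent dependencies. `Requires: python-GitPython` and `Requires: python-PyYAML` are added directly above the existing `Requires: python-GitPython >= 1.0.1` and `Requires: python-PyYAML >= 5.3.1` lines; the unversioned copies add nothing and should be dropped. Likewise `Requires: (python-tomli >= 1.2.3 if python-base < 3.11)` is added while the old `%if %{python_version_nodots} < 311` / `Requires: python-tomli` / `%endif` block is kept, so tomli is pulled in twice with two different floors (none versus >= 1.2.3; the upstream test-requirements.txt shown in the patch below lists tomli>=1.1.0); keep one form. Also worth checking whether python-jschema-to-python and python-sarif-om belong in hard Requires: the changelog refers to a "sarif extra", and if SARIF output is an optional extra upstream, Recommends would avoid forcing them onto every install.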
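Review bot: in the python-bandit.spec hunk at @@ -82,12 +92,12 @@, the switch to `%pyproject_wheel` / `%pyproject_install` is consistent with the pip, wheel, pbr and setuptools BuildRequires added above, but both macros stay wrapped in `%if !%{with test}` while the test flavour BuildRequires `%{python_module bandit == %{version}}`; that only works if the test flavour is built after the main package has been published, so a one-line comment next to the `%if` stating that ordering dependency would help the next packager.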
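Review bot: the refreshed remove-non-test-deps.patch drops the old `Index:` / `===` header and now starts straight at `diff -Nru`, with no description of why lines are removed from test-requirements.txt; add a short header above the diff (what is stripped, starting with the `pylint==1.9.4` pin, and why it is not needed for the package's test run) so the next refresh does not have to reconstruct the intent from the hunk. The dropped context line ` tomli>=1.1.0;python_version<"3.11" # MIT` and the range change from `@@ -1,12 +1,9 @@` to `@@ -1,11 +1,8 @@` are consistent with upstream no longer listing tomli there, and the patch still removes the same number of lines, so the hunk itself looks right.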