Comparing changes
base repository: PyCQA/bandit
base: 1.8.2
head repository: PyCQA/bandit
compare: 1.8.3
11 commits, 21 files changed, 5 contributors
Commits on Jan 13, 2025
Bump docker/build-push-action from 6.10.0 to 6.11.0 (#1220)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.11.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@48aba3b...b32b51a)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: e91b911
Commits on Jan 20, 2025
Bump docker/build-push-action from 6.11.0 to 6.12.0 (#1221)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.11.0 to 6.12.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@b32b51a...67a2d40)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: ef0090f
Commits on Jan 27, 2025
Bump docker/build-push-action from 6.12.0 to 6.13.0 (#1222)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@67a2d40...ca877d9)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commit: 3348781
Commits on Feb 4, 2025
[pre-commit.ci] pre-commit autoupdate (#1229)
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black-pre-commit-mirror: 24.10.0 → 25.1.0](psf/black-pre-commit-mirror@24.10.0...25.1.0)
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Commit: 7619cc4
Update bug template to include latest released versions (#1218)
The bug template should include a drop down selection for newly released Bandit versions 1.8.1 and 1.8.2.
Commit: 6133e08
Add markupsafe.Markup XSS plugin (#1225)
* Add markupsafe.Markup XSS plugin
* Apply suggestions from code review
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
---------
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
Commit: 5e3e694
Commits on Feb 5, 2025
Warn not error on a nonexistent test given (#1230)
When a user gives a test ID to include or skip, the current behavior raises an exception and exits the process. However, when tests end up getting deprecated and eventually removed, it is a lot more user friendly to simply present a warning to the user that the test ID given wasn't found rather than a hard error and exit.
Fixes: #1228
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
Commit: affd4fd
Commits on Feb 10, 2025
Commit: a324f42
Commit: 00b1e95
B107: Skip None values in hardcoded password detection (#1232)
* B107: Skip None values in hardcoded password detection
The B107 check was incorrectly flagging None default values as hardcoded passwords in function definitions. This is a false positive since None is a legitimate and commonly used default within __init__ initialization.
This change modifies the hardcoded_password_default function to:
- Skip None values in parameter defaults
- Handle both ast.Constant (Python 3.8+) and ast.NameConstant (Python 3.7-) representations of None
- Update documentation to clarify None handling behavior
Example of code that no longer triggers B107:
    def __init__(self, auth_scheme, auth_password=None):
        pass
Fixes: #1227
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Commit: def123a
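As an added illustration (not Bandit's own plugin code), a minimal AST check in the spirit of the B107 behaviour described in the commit above: string-literal defaults on password-like parameter names are reported, None defaults are skipped, and defaults are paired with the correct positional and keyword-only parameters. The PASSWORD_NAME pattern and the SAMPLE input are assumptions constructed for this example.

```python
"""Added example (not Bandit's own code): a minimal B107-style check that
reports string-literal defaults on password-like parameters and skips None.
Targets Python 3.8+, where ast.parse gives ast.Constant(value=None) for None."""
import ast
import re

# Assumed name pattern for illustration; Bandit's plugin has its own word list.
PASSWORD_NAME = re.compile(r"pass|pwd|token|secret", re.IGNORECASE)


def is_hardcoded_string(default):
    """True only for a string literal; None, numbers and names are ignored."""
    return isinstance(default, ast.Constant) and isinstance(default.value, str)


def find_hardcoded_password_defaults(source):
    """Return (function, parameter, line) for each suspicious default."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        # Positional defaults belong to the *last* len(defaults) positional params.
        positional = args.posonlyargs + args.args
        pairs = list(zip(positional[len(positional) - len(args.defaults):],
                         args.defaults))
        # Keyword-only defaults align one-to-one; a Python None entry means
        # "no default", unlike an ast.Constant whose value is None.
        pairs += [(p, d) for p, d in zip(args.kwonlyargs, args.kw_defaults)
                  if d is not None]
        for param, default in pairs:
            if PASSWORD_NAME.search(param.arg) and is_hardcoded_string(default):
                findings.append((node.name, param.arg, default.lineno))
    return findings


# Constructed sample input covering the cases discussed in the commit message.
SAMPLE = '''
def __init__(self, auth_scheme, auth_password=None):  # None: not reported
    pass

def connect(host, user, password="hunter2"):  # reported
    pass

def login(*, retries, api_secret="abc123"):  # keyword-only, reported
    pass
'''

if __name__ == "__main__":
    print(find_hardcoded_password_defaults(SAMPLE))
```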
Commits on Feb 16, 2025
* Fix pytorch weights check
* B614: Fix PyTorch plugin to handle weights_only parameter correctly
The PyTorch plugin (B614) has been updated to properly handle the weights_only parameter in torch.load calls. When weights_only=True is specified, PyTorch will only deserialize known safe types, making the operation more secure. I also removed torch.save as there is no certain insecure element as such; saving any file or artifact requires consideration of what it is you are saving.
Changes:
- Update plugin to only check torch.load calls (not torch.save)
- Fix weights_only check to handle both string and boolean True values
- Remove map_location check as it doesn't affect security
- Update example file to demonstrate both safe and unsafe cases
- Update plugin documentation to mention weights_only as a safe alternative
The plugin now correctly identifies unsafe torch.load calls while allowing safe usage with weights_only=True to pass without warning.
Fixes: #1224
* Fix E501 line too long
* Rename files to new test scope
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Update doc/source/plugins/b614_pytorch_load.rst
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
* Update pytorch_load.py
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
Commit: 8ff25e0
You can try running this command locally to see the comparison on your machine:
git diff 1.8.2...1.8.3