Comparing changes
base repository: PyCQA/bandit
base: 1.9.2
head repository: PyCQA/bandit
compare: 1.9.3
  • 8 commits
  • 14 files changed
  • 7 contributors

Commits on Nov 24, 2025

  1. Bump actions/checkout from 5 to 6 (#1334)

    * Bump actions/checkout from 5 to 6

    Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
    - [Release notes](https://github.com/actions/checkout/releases)
    - [Commits](actions/checkout@v5...v6)

    ---
    updated-dependencies:
    - dependency-name: actions/checkout
    dependency-version: '6'
    dependency-type: direct:production
    update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot]

    * Update .github/workflows/build-publish-image.yml

    ---------

    Signed-off-by: dependabot[bot]
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Eric Brown
    dependabot[bot] and ericwb authored Nov 24, 2025
    0b73bbe
  2. [pre-commit.ci] pre-commit autoupdate (#1335)

    updates:
    - [github.com/asottile/pyupgrade: v3.21.1 - v3.21.2](asottile/pyupgrade@v3.21.1...v3.21.2)

    Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    pre-commit-ci[bot] authored Nov 24, 2025
    b790ce2

Commits on Nov 30, 2025

  1. Fix B608 to detect VALUES( without space (#1337)

    Fix B608 to detect VALUES( without space

    The current regex pattern for INSERT statements requires a whitespace
    character after VALUES, but VALUES( is valid SQL syntax and commonly
    used. This causes potential SQL injection cases to go undetected.

    Changed the regex from `values\s` to `values[\s(]` to match both
    `VALUES (` and `VALUES(` patterns.

    Resolves: #1336
    kfess authored Nov 30, 2025
    3c56109
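The regex change in this commit, shown as an added example (not Bandit's own B608 plugin code): simplified INSERT-statement patterns that differ only in the `values\s` versus `values[\s(]` tail, run over constructed SQL strings so the previously missed `VALUES(` form is visible.

```python
import re

# Simplified stand-ins for the INSERT check described in the commit message;
# these are assumptions modelled on that message, not Bandit's real patterns.
# The only difference is the character class accepted after "values".
OLD_INSERT = re.compile(r"insert\s+into\s+\w+.*values\s", re.IGNORECASE)
NEW_INSERT = re.compile(r"insert\s+into\s+\w+.*values[\s(]", re.IGNORECASE)


def looks_like_insert(sql, pattern=NEW_INSERT):
    """Return True when the string-built statement matches the INSERT pattern."""
    return pattern.search(sql) is not None


def compare_patterns(samples):
    """Map each sample to (old_match, new_match) so the detection gap is explicit."""
    return {
        s: (looks_like_insert(s, OLD_INSERT), looks_like_insert(s, NEW_INSERT))
        for s in samples
    }


# Constructed examples of statements assembled from string fragments.
SAMPLES = [
    "INSERT INTO users VALUES ('" + "alice" + "')",       # space before "(" -> both match
    "INSERT INTO users VALUES('" + "alice" + "')",        # no space -> only the new pattern matches
    "INSERT INTO users(name) VALUES(%s)" % "'alice'",     # same, with a column list
    "SELECT * FROM users WHERE name = '%s'" % "alice",    # not an INSERT -> neither matches
]

if __name__ == "__main__":
    for sql, (old, new) in compare_patterns(SAMPLES).items():
        print(f"old={old!s:5} new={new!s:5}  {sql}")
```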
  2. Add check for hardcoded passwords in dicts. (#1338)

    * Add check for hardcoded passwords in dicts.

    * [pre-commit.ci] auto fixes from pre-commit.com hooks

    for more information, see https://pre-commit.ci

    ---------

    Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    alanverresen and pre-commit-ci[bot] authored Nov 30, 2025
    649b9bd

Commits on Dec 9, 2025

  1. [pre-commit.ci] pre-commit autoupdate (#1341)

    updates:
    - [github.com/psf/black-pre-commit-mirror: 25.11.0 - 25.12.0](psf/black-pre-commit-mirror@25.11.0...25.12.0)

    Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    pre-commit-ci[bot] authored Dec 9, 2025
    da0d338

Commits on Dec 21, 2025

  1. Update tox tests for Python 3.10 (#1346)

    Update CONTRIBUTING.md for Python 3.10

    Bandit requires Python version 3.10 or greater. CONTRIBUTING.md includes a required test running Python 3.9. This commit updates the test in the documentation for Python 3.10.
    willschlitzer authored Dec 21, 2025
    36d6f3c

Commits on Dec 22, 2025

  1. Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)

    Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0.
    - [Release notes](https://github.com/docker/setup-buildx-action/releases)
    - [Commits](docker/setup-buildx-action@e468171...8d2750c)

    ---
    updated-dependencies:
    - dependency-name: docker/setup-buildx-action
    dependency-version: 3.12.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot]
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Dec 22, 2025
    06fbbab

Commits on Jan 11, 2026

  1. Limit B614 to torch.load deserializers (#1348)

    * Limit B614 to torch.load deserializers

    Avoids false positives for torch.*.load helpers such as
    torch.utils.cpp_extension.load while preserving checks for
    torch.load and torch.serialization.load.
    Updated docstrings and example to reflect expected behavior.

    Resolves: #1343

    * Update examples/pytorch_load.py

    ---------

    Co-authored-by: Eric Brown
    dibussoc and ericwb authored Jan 11, 2026
    765f00d
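The narrowing described in this commit, as an added example rather than Bandit's own B614 plugin: an `ast`-based walk that flags calls only when the dotted name is exactly `torch.load` or `torch.serialization.load`, beside an approximation of the over-broad `torch.*.load` match the commit replaces. It assumes literal dotted names in the source (Bandit resolves imports and aliases; this toy does not).

```python
import ast
from typing import Optional

# Exact names still treated as unsafe deserializers after the change
# (assumption modelled on the commit message, not Bandit's plugin code).
TORCH_LOAD_QUALNAMES = {"torch.load", "torch.serialization.load"}


def broad_rule(name: str) -> bool:
    """Approximation of the old behaviour: any torch.*.load helper is flagged."""
    return name.startswith("torch.") and name.endswith(".load")


def narrow_rule(name: str) -> bool:
    """New behaviour: only the real deserializer entry points are flagged."""
    return name in TORCH_LOAD_QUALNAMES


def qualname(node: ast.expr) -> Optional[str]:
    """Rebuild a dotted call target such as 'torch.utils.cpp_extension.load'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # calls on subscripts, results of other calls, etc.


def find_torch_load_calls(source: str, rule=narrow_rule):
    """Return (line, qualname) for every call whose target the rule flags."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = qualname(node.func)
            if name is not None and rule(name):
                hits.append((node.lineno, name))
    return sorted(hits)


# Constructed snippet: two genuine deserializers and one C++ build helper.
SAMPLE = """\
import torch
model = torch.load("weights.pt")
state = torch.serialization.load("state.pt")
ext = torch.utils.cpp_extension.load(name="fast_ops", sources=["ops.cpp"])
"""

if __name__ == "__main__":
    print("broad :", find_torch_load_calls(SAMPLE, broad_rule))
    print("narrow:", find_torch_load_calls(SAMPLE, narrow_rule))
```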