fix(deps): update dependency bandit to >=1.9.4 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bandit (source, changelog)	>=1.8.0 → >=1.9.4

---

Release Notes

PyCQA/bandit (bandit)

v1.9.4

Compare Source

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in #​1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in #​1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in #​1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in #​1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in #​1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in #​1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in #​1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in #​1360

New Contributors

• @​jakob1379 made their first contribution in #​1351
• @​worksbyfriday made their first contribution in #​1361
• @​rcgray made their first contribution in #​1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

v1.9.3

Compare Source

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1335
• Fix B608 to detect VALUES( without space by @​kfess in #​1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in #​1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1341
• Update tox tests for Python 3.10 by @​willschlitzer in #​1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​1347
• Limit B614 to torch.load deserializers by @​dibussoc in #​1348

New Contributors

• @​kfess made their first contribution in #​1337
• @​alanverresen made their first contribution in #​1338
• @​willschlitzer made their first contribution in #​1346
• @​dibussoc made their first contribution in #​1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

v1.9.2

Compare Source

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in #​1331
• Check whether Constant value is str by @​ericwb in #​1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

v1.9.1

Compare Source

What's Changed

• More Python version related fixes by @​ericwb in #​1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

v1.8.6

Compare Source

What's Changed

• Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot in #​1279
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @​dependabot in #​1278
• added hint to FreeBSD package in doc/source/integrations.rst by @​daniel-mohr in #​1282
• Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @​dependabot in #​1284
• Huggingface revision pinning by @​lukehinds in #​1281

New Contributors

• @​daniel-mohr made their first contribution in #​1282

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

v1.8.5

Compare Source

What's Changed

• Fix the rendering of the CI/CD doc by @​ericwb in #​1274
• Fix for publish to PyPI failure by @​ericwb in #​1273

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

v1.8.3

Compare Source

What's Changed

• Bump docker/build-push-action from 6.10.0 to 6.11.0 by @​dependabot in #​1220
• Bump docker/build-push-action from 6.11.0 to 6.12.0 by @​dependabot in #​1221
• Bump docker/build-push-action from 6.12.0 to 6.13.0 by @​dependabot in #​1222
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1229
• Update bug template to include latest released versions by @​ericwb in #​1218
• Add markupsafe.Markup XSS plugin by @​Daverball in #​1225
• Warn not error on an nonexistant test given by @​ericwb in #​1230
• Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @​dependabot in #​1233
• Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot in #​1234
• B107: Skip None values in hardcoded password detection by @​lukehinds in #​1232
• Pytorch fix by @​lukehinds in #​1231

New Contributors

• @​Daverball made their first contribution in #​1225

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

v1.8.2

Compare Source

What's Changed

• Revert "Start testing with 3.14 alphas" by @​ericwb in #​1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

v1.8.1

Compare Source

What's Changed

• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @​dependabot in #​1209
• Update the bug template with latest bandit version by @​ericwb in #​1208
• Add Mercedes-Benz to sponsor list by @​ericwb in #​1210
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in #​1211
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in #​1213
• Start testing with 3.14 alphas by @​ericwb in #​1189
• Remove lxml (B320 & B410) from blacklist by @​djbrown in #​1212
• Clarify "getting started" docs by @​Flimm in #​963

New Contributors

• @​djbrown made their first contribution in #​1212
• @​Flimm made their first contribution in #​963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!