deps(deps): bump bandit from 1.8.6 to 1.9.4 in the security-tools group by dependabot[bot] · Pull Request #362 · Wool-xing/Test-Agent

dependabot · 2026-06-15T01:08:35Z

Bumps the security-tools group with 1 update: bandit.

Updates bandit from 1.8.6 to 1.9.4

Release notes

1.9.4

What's Changed

chore: fixed some typos in comments by @jakob1379 in PyCQA/bandit#1351

Bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in PyCQA/bandit#1353

Bump docker/build-push-action from 6.18.0 to 6.19.2 by @dependabot[bot] in PyCQA/bandit#1357

Fix B613 crash when reading from stdin by @worksbyfriday in PyCQA/bandit#1361

Include filename in nosec 'no failed test' warning by @worksbyfriday in PyCQA/bandit#1363

Fix B615 false positive when revision is set via variable by @worksbyfriday in PyCQA/bandit#1358

Lower version guard in check_ast_node to Python 3.12 by @rcgray in PyCQA/bandit#1355

Fix B106 reporting wrong line number on multiline function calls by @worksbyfriday in PyCQA/bandit#1360

New Contributors

@jakob1379 made their first contribution in PyCQA/bandit#1351

@worksbyfriday made their first contribution in PyCQA/bandit#1361

@rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

1.9.3

What's Changed

Bump actions/checkout from 5 to 6 by @dependabot[bot] in PyCQA/bandit#1334

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in PyCQA/bandit#1335

Fix B608 to detect VALUES( without space by @kfess in PyCQA/bandit#1337

Add check for hardcoded passwords in dicts. by @alanverresen in PyCQA/bandit#1338

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in PyCQA/bandit#1341

Update tox tests for Python 3.10 by @willschlitzer in PyCQA/bandit#1346

Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in PyCQA/bandit#1347

Limit B614 to torch.load deserializers by @dibussoc in PyCQA/bandit#1348

New Contributors

@kfess made their first contribution in PyCQA/bandit#1337

@alanverresen made their first contribution in PyCQA/bandit#1338

@willschlitzer made their first contribution in PyCQA/bandit#1346

@dibussoc made their first contribution in PyCQA/bandit#1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

1.9.2

What's Changed

Argparse Python 3.14 enhancements by @ericwb in PyCQA/bandit#1331

Check whether Constant value is str by @ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

More Python version related fixes by @ericwb in PyCQA/bandit#1327

... (truncated)

Commits

92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
8f2f928 Fix B615 false positive when revision is set via variable (#1358)
e27493f Include filename in nosec 'no failed test' warning (#1363)
b69b336 Fix B613 crash when reading from stdin (#1361)
e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
c0def6c chore: fixed some typos in comments (#1351)
765f00d Limit B614 to torch.load deserializers (#1348)
06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security-tools group with 1 update: [bandit](https://github.com/PyCQA/bandit). Updates `bandit` from 1.8.6 to 1.9.4 - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.8.6...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security-tools ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file pip Python pip 依赖升级 labels Jun 15, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump bandit from 1.8.6 to 1.9.4 in the security-tools group#362

deps(deps): bump bandit from 1.8.6 to 1.9.4 in the security-tools group#362
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/security-tools-080d80b3df

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 15, 2026

1.9.4

What's Changed

New Contributors

1.9.3

What's Changed

New Contributors

1.9.2

What's Changed

1.9.1

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants