Bump bandit from 1.5.7 to 1.6.0 (#942)
Bumps [bandit](https://github.com/mtrudel/bandit) from 1.5.7 to 1.6.0.

<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/mtrudel/bandit/blob/main/CHANGELOG.md">bandit's changelog</a>.</em></p>
<blockquote>
<h2>1.6.0 (18 Nov 2024)</h2>
<h3>Enhancements</h3>
<ul>
<li>Add framework for supporting optimized native code on various hot paths (<a href="https://redirect.github.com/mtrudel/bandit/issues/394">#394</a>, thanks <a href="https://github.com/alisinabh"><code>@alisinabh</code></a>!)</li>
<li>Pass conn and exception data as logger metadata (<a href="https://redirect.github.com/mtrudel/bandit/issues/417">#417</a> & <a href="https://redirect.github.com/mtrudel/bandit/issues/420">#420</a>, thanks <a href="https://github.com/grzuy"><code>@grzuy</code></a>!)</li>
<li>Loosen hpax dependency requirements</li>
<li>Add <code>log_client_closures</code> http option, defaulting to false (<a href="https://redirect.github.com/mtrudel/bandit/issues/397">#397</a>, thanks <a href="https://github.com/goncalotomas"><code>@goncalotomas</code></a>!)</li>
<li>Handle plugs that throw a result (<a href="https://redirect.github.com/mtrudel/bandit/issues/411">#411</a>, thanks <a href="https://github.com/grzuy"><code>@grzuy</code></a>!)</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Improve content-length send logic per RFC9110§8.6/8.7</li>
<li>Explicitly signal keepalives in HTTP/1.0 requests</li>
</ul>
<h3>Changes</h3>
<ul>
<li>Fix typo & clarify docs</li>
<li>Update security policy</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/mtrudel/bandit/commit/3b38b1a35a1562536082d0507574e2af307c9f5a"><code>3b38b1a</code></a> Version bump to 1.6.0</li>
<li><a href="https://github.com/mtrudel/bandit/commit/0a54b76f372855244e64b4b9dffd6fdc44e63df8"><code>0a54b76</code></a> Bump ThousandIsland dependency</li>
<li><a href="https://github.com/mtrudel/bandit/commit/898afdce7af2f0d14a09d50d88e7ef7a73fb0e88"><code>898afdc</code></a> Add support for running optimized native code for websocket mask (<a href="https://redirect.github.com/mtrudel/bandit/issues/394">#394</a>)</li>
<li><a href="https://github.com/mtrudel/bandit/commit/cd855ec5677aafc0396bef244c83be7a58f0f612"><code>cd855ec</code></a> Improve content-length send logic per RFC9110§8.6/8.7</li>
<li><a href="https://github.com/mtrudel/bandit/commit/2207479e002926337d14242ea6121c7d013a0e4c"><code>2207479</code></a> Update SECURITY.md</li>
<li><a href="https://github.com/mtrudel/bandit/commit/e2cb8611b90c69765af66faa87f59615dbd0ecbb"><code>e2cb861</code></a> feat: allow logger handler to know about HTTP request details (<a href="https://redirect.github.com/mtrudel/bandit/issues/420">#420</a>)</li>
<li><a href="https://github.com/mtrudel/bandit/commit/299e47e67ae92138e2b80619786bfbf0fa1fd9e7"><code>299e47e</code></a> Fix incorrect typespec in http_2_options</li>
<li><a href="https://github.com/mtrudel/bandit/commit/9036df8d94a82239893d82532bab21ef76217f57"><code>9036df8</code></a> Explicitly signal keepalives in HTTP/1.0 requests</li>
<li><a href="https://github.com/mtrudel/bandit/commit/4e145b8bea437482f50e682afa91c663c00e55ee"><code>4e145b8</code></a> test: make less likely that test run into :eaddrinuse failure locally (<a href="https://redirect.github.com/mtrudel/bandit/issues/419">#419</a>)</li>
<li><a href="https://github.com/mtrudel/bandit/commit/a5da3ce5246fc03487d4c0f5fa5ed01965b97e71"><code>a5da3ce</code></a> fix: throwing plug properly handled and returns 500 (<a href="https://redirect.github.com/mtrudel/bandit/issues/411">#411</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/mtrudel/bandit/compare/1.5.7...1.6.0">compare view</a></li>
</ul>
</details>
<br />

[Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>