chore(deps-dev): update bandit requirement from 1.8.3 to 1.8.5 (#830)

dependabot[bot] · web-flow · commit 19c9375f2076 · 2025-06-24T10:08:40.000+02:00
Updates the requirements on [bandit](https://github.com/PyCQA/bandit) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/bandit/releases">bandit's releases</a>.</em></p> <blockquote> <h2>1.8.5</h2> <h2>What's Changed</h2> <ul> <li>Fix the rendering of the CI/CD doc by <a href="https://github.com/ericwb"><code>@​ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1274">PyCQA/bandit#1274</a></li> <li>Fix for publish to PyPI failure by <a href="https://github.com/ericwb"><code>@​ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1273">PyCQA/bandit#1273</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PyCQA/bandit/compare/1.8.4...1.8.5">https://github.com/PyCQA/bandit/compare/1.8.4...1.8.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/bandit/commit/23d269a665abd84597785fdf8fdda04ea89f59f3"><code>23d269a</code></a> Fix for publish to PyPI failure (<a href="https://redirect.github.com/PyCQA/bandit/issues/1273">#1273</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/e3ff8b5332a5bddaae8d4da39237d2456fb8b84c"><code>e3ff8b5</code></a> Fix the rendering of the CI/CD doc (<a href="https://redirect.github.com/PyCQA/bandit/issues/1274">#1274</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/61d1667e87f02859412b5978bd1064d4606ffa69"><code>61d1667</code></a> add github-actions documentation (<a href="https://redirect.github.com/PyCQA/bandit/issues/1172">#1172</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/cea2b1ccdc711f7d4a5f757d7f8de9ad17123450"><code>cea2b1c</code></a> Bump docker/build-push-action from 6.17.0 to 6.18.0 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1268">#1268</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/2d577a6a9f56a59d830a0f873c527d2323694e61"><code>2d577a6</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/PyCQA/bandit/issues/1266">#1266</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/fa557cc24d08518dbf32f1a653c76b4b50fc8c53"><code>fa557cc</code></a> Bump docker/build-push-action from 6.16.0 to 6.17.0 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1265">#1265</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/2f0ab8bb319910bc8cc36f29e446005d6a1a613e"><code>2f0ab8b</code></a> Remove etc from list of temp paths (<a href="https://redirect.github.com/PyCQA/bandit/issues/1263">#1263</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/d8feade707d29d2f35ead8afb349cdf8843f0d74"><code>d8feade</code></a> Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1262">#1262</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/7979676e7a53f73e5e2647e0b098e88c2cfcc541"><code>7979676</code></a> Bump docker/build-push-action from 6.15.0 to 6.16.0 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1261">#1261</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/6c927320180d2f11d092c3ac5509e19f554ba295"><code>6c92732</code></a> Use ubuntu latest for readthedocs build (<a href="https://redirect.github.com/PyCQA/bandit/issues/1260">#1260</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyCQA/bandit/compare/1.8.3...1.8.5">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/pyproject.toml b/pyproject.toml
@@ -97,7 +97,7 @@ mypy = "1.16.1"
 tomli = { version = "2.2.1", python = "<3.11" }
 tox = "4.27.0"
 xmldiff = "2.7.0"
-bandit = "1.8.3"
+bandit = "1.8.5"
 pyupgrade = "3.20.0"
 
 [tool.semantic_release]
