
Bump bandit from 1.8.5 to 1.9.3#73

Merged
docktermj merged 1 commit into main from dependabot/pip/bandit-1.9.3 on Feb 18, 2026

Conversation

@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Feb 18, 2026

Bumps bandit from 1.8.5 to 1.9.3.

Release notes

Sourced from bandit's releases.

1.9.3

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

1.9.2

What's Changed

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #1348
Resolves #1347
Resolves #1346
Resolves #1341
Resolves #1338
Resolves #1337
Resolves #1335
Resolves #1334
Resolves #1333
Resolves #1331
Resolves PyCQA/bandit#1334
Resolves PyCQA/bandit#1335
Resolves PyCQA/bandit#1337
Resolves PyCQA/bandit#1338
Resolves PyCQA/bandit#1341
Resolves PyCQA/bandit#1346
Resolves PyCQA/bandit#1347
Resolves PyCQA/bandit#1348
Resolves PyCQA/bandit#1331
Resolves PyCQA/bandit#1333
Resolves PyCQA/bandit#1327
Resolves PyCQA/bandit#1275
Resolves PyCQA/bandit#1289
Resolves PyCQA/bandit#1290
Resolves PyCQA/bandit#1291
Resolves PyCQA/bandit#1292
Resolves PyCQA/bandit#1295
Resolves PyCQA/bandit#1296
Resolves PyCQA/bandit#1298
Resolves PyCQA/bandit#1303
Resolves PyCQA/bandit#1305
Resolves PyCQA/bandit#1306
Resolves PyCQA/bandit#1315
Resolves PyCQA/bandit#1317
Resolves PyCQA/bandit#1323

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.8.5 to 1.9.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.8.5...1.9.3)

---
updated-dependencies:
- dependency-name: bandit
  dependency-version: 1.9.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 18, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 18, 2026 13:13
@github-actions

🤖 Claude Code Review

Code Review

PR Summary: Dependency version bump — bandit from 1.8.5 to 1.9.3 in development-requirements.txt.


Code Quality

  • Style guide — Single-file change to a requirements file; no style concerns.
  • No commented-out code — Not applicable.
  • Meaningful variable names — Not applicable.
  • DRY principle — Not applicable.
  • Defects / bugs — No logic changes; straightforward version bump. bandit 1.9.3 is a legitimate release. No concerns.
  • Project memory (.claude/CLAUDE.md) — Not present or not relevant to this change.

Testing

  • Unit/integration tests — No new functions or endpoints; not applicable.
  • Test coverage — No source code changed; not applicable.
  • ⚠️ Edge cases — Worth confirming CI passes with the new bandit version, as minor releases can introduce new rule detections that cause scan failures on existing code. This is a process concern, not a defect.

Documentation

  • README / API docs — No update needed for a dev dependency bump.
  • Inline comments — Not applicable.
  • CHANGELOG.md — Dependency bumps of this nature (dev tooling only) typically do not require a changelog entry. Acceptable as-is unless your project convention requires it.
  • Markdown formatting — Not applicable.

Security

  • No hardcoded credentials — Not applicable.
  • Input validation — Not applicable.
  • Error handling — Not applicable.
  • Sensitive data in logs — Not applicable.
  • License files — None present.

Summary

This is a clean, minimal dependency bump. The only actionable note:

Verify CI passes. bandit 1.9.3 may flag issues in existing code that 1.8.5 did not, due to new or updated rules. If CI is green, this PR is ready to merge.

Verdict: Approve — pending CI green.

Automated code review analyzing defects and coding standards
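The review's one actionable point is that a minor bandit release can add or broaden rules, so a tree that was clean under 1.8.5 may fail under 1.9.3. The script below is an added example (mine, not part of this PR, of bandit, or of the reviewing bot) for triaging exactly that: it diffs two bandit JSON reports, one taken before and one after the upgrade, keys findings by file, rule and flagged snippet rather than line number so unrelated edits do not look like regressions, lists the rule IDs that never fired under the old version, and gates on severity. Both reports are constructed inline to mimic the shape of `bandit -f json` output; the file names, line numbers and snippets are invented for the demonstration, and the rule IDs are used only as illustrative labels.

```python
"""Diff two bandit JSON reports to see what a tool upgrade newly flags.

Added example, not code from the PR or from bandit. The two reports are
constructed inline to mimic `bandit -r . -f json -o report.json` output;
paths, line numbers and snippets are invented.
"""
import json

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed report from the pre-upgrade bandit version.
OLD_REPORT = json.dumps({
    "errors": [],
    "metrics": {},
    "results": [
        {"filename": "app/config.py", "line_number": 12, "test_id": "B101",
         "test_name": "assert_used", "issue_severity": "LOW",
         "issue_confidence": "HIGH", "code": "assert settings is not None\n"},
        {"filename": "app/runner.py", "line_number": 3, "test_id": "B404",
         "test_name": "blacklist", "issue_severity": "LOW",
         "issue_confidence": "HIGH", "code": "import subprocess\n"},
    ],
})

# Constructed report from the post-upgrade version run on the same tree.
# The assert moved two lines (unrelated edit); the newer version also flags
# an MD5 call and a string-built SQL query that the old version did not.
NEW_REPORT = json.dumps({
    "errors": [],
    "metrics": {},
    "results": [
        {"filename": "app/config.py", "line_number": 14, "test_id": "B101",
         "test_name": "assert_used", "issue_severity": "LOW",
         "issue_confidence": "HIGH", "code": "assert settings is not None\n"},
        {"filename": "app/runner.py", "line_number": 3, "test_id": "B404",
         "test_name": "blacklist", "issue_severity": "LOW",
         "issue_confidence": "HIGH", "code": "import subprocess\n"},
        {"filename": "app/cache.py", "line_number": 27, "test_id": "B324",
         "test_name": "hashlib", "issue_severity": "HIGH",
         "issue_confidence": "HIGH",
         "code": "digest = hashlib.md5(key).hexdigest()\n"},
        {"filename": "app/db.py", "line_number": 40, "test_id": "B608",
         "test_name": "hardcoded_sql_expressions", "issue_severity": "MEDIUM",
         "issue_confidence": "LOW",
         "code": "cur.execute(\"SELECT * FROM t WHERE id=\" + uid)\n"},
    ],
})


def finding_key(result):
    """Identify a finding by file, rule and flagged snippet, not line number,
    so edits that merely shift lines do not show up as new findings."""
    return (result["filename"], result["test_id"], result["code"].strip())


def diff_reports(old_json, new_json):
    """Return (added, removed): findings only in the new report / only in the old."""
    old = {finding_key(r): r for r in json.loads(old_json)["results"]}
    new = {finding_key(r): r for r in json.loads(new_json)["results"]}
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    return added, removed


def rules_first_seen(added, old_json):
    """Rule IDs among the added findings that never fired in the old report:
    the likeliest sign of a rule added or broadened by the upgrade itself."""
    old_ids = {r["test_id"] for r in json.loads(old_json)["results"]}
    return sorted({r["test_id"] for r in added} - old_ids)


def should_fail(added, min_severity="MEDIUM"):
    """Gate a CI job only on newly introduced findings at or above a severity."""
    threshold = SEVERITY_RANK[min_severity]
    return any(SEVERITY_RANK[r["issue_severity"]] >= threshold for r in added)


if __name__ == "__main__":
    added, removed = diff_reports(OLD_REPORT, NEW_REPORT)
    print(f"{len(added)} new finding(s), {len(removed)} no longer reported")
    for r in added:
        print(f"  + {r['test_id']} {r['issue_severity']:<6} "
              f"{r['filename']}:{r['line_number']}  {r['code'].strip()}")
    print("rules first seen after upgrade:", rules_first_seen(added, OLD_REPORT))
    print("fail CI:", should_fail(added))
```

In practice the two inputs come from running `bandit -r . -f json -o before.json` with the pinned version and the same command with the bumped version; separating "new rule fired" from "new code was written" is what tells you whether a red CI run on a PR like this one is a real finding to fix or a rule to tune. bandit's own `-b`/`--baseline` option does a similar comparison against a saved report, but only by exact match, so a diff like this one is useful when a refactor has moved lines.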

@docktermj docktermj merged commit 10fb974 into main Feb 18, 2026
16 checks passed
@docktermj docktermj deleted the dependabot/pip/bandit-1.9.3 branch February 18, 2026 14:30