CVS commit: pkgsrc/security/py-bandit

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/py-bandit
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Thu, 24 Jul 2025 10:46:42 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Jul 24 10:46:42 UTC 2025

Modified Files:
        pkgsrc/security/py-bandit: Makefile PLIST distinfo

Log Message:
py-bandit: updated to 1.8.6

1.8.6

* Huggingface revision pinning
* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1
* added hint to FreeBSD package in doc/source/integrations.rst
* Bump docker/setup-buildx-action from 3.10.0 to 3.11.1
* Bump sigstore/cosign-installer from 3.8.2 to 3.9.0

1.8.5

* Fix for publish to PyPI failure
* Fix the rendering of the CI/CD doc

1.8.4

* add github-actions documentation
* Bump docker/build-push-action from 6.17.0 to 6.18.0
* [pre-commit.ci] pre-commit autoupdate
* Bump docker/build-push-action from 6.16.0 to 6.17.0
* Remove etc from list of temp paths
* Bump sigstore/cosign-installer from 3.8.1 to 3.8.2
* Bump docker/build-push-action from 6.15.0 to 6.16.0
* Use ubuntu latest for readthedocs build
* Add a doc describing various integrations
* Fix up some of the warnings when building docs
* Use license property in lieu of classifier
* Update documentation to cover \`--severity-level\` and \`--confidence-level\`
* Ensure the man page is built
* Fix traceback from trojansource plugin
* Bump bandit version in bug template
* Bump docker/login-action from 3.3.0 to 3.4.0
* Bump docker/setup-buildx-action from 3.9.0 to 3.10.0
* Bump docker/build-push-action from 6.14.0 to 6.15.0
* Bump docker/build-push-action from 6.13.0 to 6.14.0
* Bump sigstore/cosign-installer from 3.8.0 to 3.8.1
* Metadata: rename classifier to classifiers
* Add more random functions to B311 check


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/py-bandit/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/py-bandit/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/py-bandit/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-bandit/Makefile
diff -u pkgsrc/security/py-bandit/Makefile:1.17 pkgsrc/security/py-bandit/Makefile:1.18
--- pkgsrc/security/py-bandit/Makefile:1.17     Mon Apr 14 05:08:07 2025
+++ pkgsrc/security/py-bandit/Makefile  Thu Jul 24 10:46:42 2025
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.17 2025/04/14 05:08:07 adam Exp $
+# $NetBSD: Makefile,v 1.18 2025/07/24 10:46:42 adam Exp $
 
-DISTNAME=      bandit-1.8.3
+DISTNAME=      bandit-1.8.6
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION=   1
 CATEGORIES=    security python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=b/bandit/}
 
@@ -13,10 +12,11 @@ LICENSE=    apache-2.0
 
 TOOL_DEPENDS+= ${PYPKGPREFIX}-pbr>=2.0.0:../../devel/py-pbr
 TOOL_DEPENDS+= ${PYPKGPREFIX}-setuptools>=78:../../devel/py-setuptools
-DEPENDS+=      ${PYPKGPREFIX}-gitpython>=3.1.30:../../devel/py-gitpython
 DEPENDS+=      ${PYPKGPREFIX}-rich-[0-9]*:../../comms/py-rich
 DEPENDS+=      ${PYPKGPREFIX}-stevedore>=1.20.0:../../devel/py-stevedore
 DEPENDS+=      ${PYPKGPREFIX}-yaml>=5.3.1:../../textproc/py-yaml
+# baseline
+DEPENDS+=      ${PYPKGPREFIX}-gitpython>=3.1.30:../../devel/py-gitpython
 TEST_DEPENDS+= ${PYPKGPREFIX}-beautifulsoup4>=4.8.0:../../www/py-beautifulsoup4
 TEST_DEPENDS+= ${PYPKGPREFIX}-fixtures>=3.0.0:../../devel/py-fixtures
 TEST_DEPENDS+= ${PYPKGPREFIX}-testscenarios>=0.5.0:../../devel/py-testscenarios
@@ -31,11 +31,19 @@ PYTHON_VERSIONS_INCOMPATIBLE=       39 310 # p
 TEST_DEPENDS+= ${PYPKGPREFIX}-tomli>=1.1.0:../../textproc/py-tomli
 .endif
 
+SUBST_CLASSES+=                mandir
+SUBST_STAGE.mandir=    pre-configure
+SUBST_MESSAGE.mandir=  Setting correct mandir.
+SUBST_FILES.mandir=    setup.py
+SUBST_SED.mandir=      -e 's,share/man,${PKGMANDIR},g'
+
 post-install:
 .for bin in bandit bandit-baseline bandit-config-generator
        cd ${DESTDIR}${PREFIX}/bin && \
        ${MV} ${bin} ${bin}-${PYVERSSUFFIX} || ${TRUE}
 .endfor
+       cd ${DESTDIR}${PREFIX}/${PKGMANDIR} && \
+       ${MV} man1/bandit.1 man1/bandit-${PYVERSSUFFIX}.1 || ${TRUE}
 
 .include "../../lang/python/wheel.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/security/py-bandit/PLIST
diff -u pkgsrc/security/py-bandit/PLIST:1.7 pkgsrc/security/py-bandit/PLIST:1.8
--- pkgsrc/security/py-bandit/PLIST:1.7 Mon Apr 14 05:08:07 2025
+++ pkgsrc/security/py-bandit/PLIST     Thu Jul 24 10:46:42 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7 2025/04/14 05:08:07 adam Exp $
+@comment $NetBSD: PLIST,v 1.8 2025/07/24 10:46:42 adam Exp $
 bin/bandit-${PYVERSSUFFIX}
 bin/bandit-baseline-${PYVERSSUFFIX}
 bin/bandit-config-generator-${PYVERSSUFFIX}
@@ -157,6 +157,9 @@ ${PYSITELIB}/bandit/plugins/general_hard
 ${PYSITELIB}/bandit/plugins/hashlib_insecure_functions.py
 ${PYSITELIB}/bandit/plugins/hashlib_insecure_functions.pyc
 ${PYSITELIB}/bandit/plugins/hashlib_insecure_functions.pyo
+${PYSITELIB}/bandit/plugins/huggingface_unsafe_download.py
+${PYSITELIB}/bandit/plugins/huggingface_unsafe_download.pyc
+${PYSITELIB}/bandit/plugins/huggingface_unsafe_download.pyo
 ${PYSITELIB}/bandit/plugins/injection_paramiko.py
 ${PYSITELIB}/bandit/plugins/injection_paramiko.pyc
 ${PYSITELIB}/bandit/plugins/injection_paramiko.pyo
@@ -214,3 +217,4 @@ ${PYSITELIB}/bandit/plugins/weak_cryptog
 ${PYSITELIB}/bandit/plugins/yaml_load.py
 ${PYSITELIB}/bandit/plugins/yaml_load.pyc
 ${PYSITELIB}/bandit/plugins/yaml_load.pyo
+man/man1/bandit-${PYVERSSUFFIX}.1

Index: pkgsrc/security/py-bandit/distinfo
diff -u pkgsrc/security/py-bandit/distinfo:1.10 pkgsrc/security/py-bandit/distinfo:1.11
--- pkgsrc/security/py-bandit/distinfo:1.10     Wed Feb 26 22:07:53 2025
+++ pkgsrc/security/py-bandit/distinfo  Thu Jul 24 10:46:42 2025
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.10 2025/02/26 22:07:53 adam Exp $
+$NetBSD: distinfo,v 1.11 2025/07/24 10:46:42 adam Exp $
 
-BLAKE2s (bandit-1.8.3.tar.gz) = 69e13f0f78702d94d156a29e1e867f970d23e5c445d8c44d7ac1dd2ccf413582
-SHA512 (bandit-1.8.3.tar.gz) = 50f2ee3f39c2991f030790674e7d25337dac9a4cd0d83d2b76e3152fc3833fb9d8228c347347d3558795b50c2973b825b9e8ab9546ccf6fec60f4f5fbd8ededc
-Size (bandit-1.8.3.tar.gz) = 4232005 bytes
+BLAKE2s (bandit-1.8.6.tar.gz) = 57b96da012c8bcd03d55ad46c7da95a12c076efc9c9e6876caa851642751d059
+SHA512 (bandit-1.8.6.tar.gz) = 764b5bcd584b35bf36b277ede2cbf276487f99aa2881dd350db56539b968bd03ef2b3121afae075c0be24a8295cc29767e0dfe523923c2fbbb0d093f49658abb
+Size (bandit-1.8.6.tar.gz) = 4240271 bytes

Prev by Date: CVS commit: pkgsrc/lang/rust
Next by Date: CVS commit: pkgsrc/devel/py-zope.event
Previous by Thread: CVS commit: pkgsrc/lang/rust
Next by Thread: CVS commit: pkgsrc/devel/py-zope.event
Indexes:

Home | Main Index | Thread Index | Old Index