core: bump bandit from 1.9.2 to 1.9.3 (#19566)

* core: bump bandit from 1.9.2 to 1.9.3 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.3) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * update config, fix warnings Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2026-01-20 01:45:45 +01:00
parent a908efb792
commit 288f6f50f6
7 changed files with 12 additions and 15 deletions
@@ -77,8 +77,7 @@ lint-fix: lint-codespell  ## Lint and automatically fix errors in the python sou
 lint-codespell:  ## Reports spelling errors.
 	$(UV) run codespell -w

-lint: ## Lint the python and golang sources
-	$(UV) run bandit -c pyproject.toml -r $(PY_SOURCES)
+lint: ci-bandit ## Lint the python and golang sources
 	golangci-lint run -v

 core-install:
@@ -340,7 +339,7 @@ ci-codespell: ci--meta-debug
 	$(UV) run codespell -s

 ci-bandit: ci--meta-debug
-	$(UV) run bandit -r $(PY_SOURCES)
+	$(UV) run bandit -c pyproject.toml -r $(PY_SOURCES) -iii

 ci-pending-migrations: ci--meta-debug
 	$(UV) run ak makemigrations --check
@@ -51,7 +51,8 @@ class SlackOAuthClient(OAuth2Client):
            token["id"] = authed_user.get("id")

        # Slack returns "user", but API expects Bearer
-        token["token_type"] = "Bearer"  # nosec B105 - not a password, OAuth token type
+        # not a password, OAuth token type
+        token["token_type"] = "Bearer"  # nosec

        return token

@@ -125,8 +125,8 @@ class WeChatType(SourceType):

    # URLs for the WeChat "Login for Websites" authorization flow
    authorization_url = "https://open.weixin.qq.com/connect/qrconnect"
-    # nosec: B105 This is a public URL, not a hardcoded secret
-    access_token_url = "https://api.weixin.qq.com/sns/oauth2/access_token"  # nosec
+    # This is a public URL, not a hardcoded secret
+    access_token_url = "https://api.weixin.qq.com/sns/oauth2/access_token"  # nosec B105
    profile_url = "https://api.weixin.qq.com/sns/userinfo"

    # Note: 'authorization_code_auth_method' is intentionally omitted.
@@ -11284,8 +11284,7 @@
                    "type": "string",
                    "enum": [
                        "MIT",
-                        "Heimdal",
-                        "other"
+                        "Heimdal"
                    ],
                    "title": "Kadmin type",
                    "description": "KAdmin server type"
@@ -78,7 +78,7 @@ dependencies = [
 [dependency-groups]
 dev = [
  "aws-cdk-lib==2.235.0",
-  "bandit==1.9.2",
+  "bandit==1.9.3",
  "black==26.1.0",
  "bpython==0.26",
  "codespell==2.4.1",
@@ -22115,7 +22115,6 @@ paths:
          enum:
          - Heimdal
          - MIT
-          - other
        description: |+
          KAdmin server type

@@ -39806,7 +39805,6 @@ components:
      enum:
      - MIT
      - Heimdal
-      - other
      type: string
    KerberosSource:
      type: object
@@ -393,7 +393,7 @@ requires-dist = [
 [package.metadata.requires-dev]
 dev = [
    { name = "aws-cdk-lib", specifier = "==2.235.0" },
-    { name = "bandit", specifier = "==1.9.2" },
+    { name = "bandit", specifier = "==1.9.3" },
    { name = "black", specifier = "==26.1.0" },
    { name = "bpython", specifier = "==0.26" },
    { name = "codespell", specifier = "==2.4.1" },
@@ -545,7 +545,7 @@ wheels = [

 [[package]]
 name = "bandit"
-version = "1.9.2"
+version = "1.9.3"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "colorama", marker = "sys_platform == 'win32'" },
@@ -553,9 +553,9 @@ dependencies = [
    { name = "rich" },
    { name = "stevedore" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/cf/72/f704a97aac430aeb704fa16435dfa24fbeaf087d46724d0965eb1f756a2c/bandit-1.9.2.tar.gz", hash = "sha256:32410415cd93bf9c8b91972159d5cf1e7f063a9146d70345641cd3877de348ce", size = 4241659, upload-time = "2025-11-23T21:36:18.722Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/89/76/a7f3e639b78601118aaa4a394db2c66ae2597fbd8c39644c32874ed11e0c/bandit-1.9.3.tar.gz", hash = "sha256:ade4b9b7786f89ef6fc7344a52b34558caec5da74cb90373aed01de88472f774", size = 4242154, upload-time = "2026-01-19T04:05:22.802Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/55/1a/5b0320642cca53a473e79c7d273071b5a9a8578f9e370b74da5daa2768d7/bandit-1.9.2-py3-none-any.whl", hash = "sha256:bda8d68610fc33a6e10b7a8f1d61d92c8f6c004051d5e946406be1fb1b16a868", size = 134377, upload-time = "2025-11-23T21:36:17.39Z" },
+    { url = "https://files.pythonhosted.org/packages/e0/0b/8bdc52111c83e2dc2f97403dc87c0830b8989d9ae45732b34b686326fb2c/bandit-1.9.3-py3-none-any.whl", hash = "sha256:4745917c88d2246def79748bde5e08b9d5e9b92f877863d43fab70cd8814ce6a", size = 134451, upload-time = "2026-01-19T04:05:20.938Z" },
 ]

 [[package]]