chore(deps): update dependency bandit to v1.11.1 #130

Open

renovate wants to merge 1 commit from renovate/bandit-1.x-lockfile into main

pull from: renovate/bandit-1.x-lockfile

merge into: inhji:main

inhji:main

inhji:renovate/tesla-1.x

inhji:renovate/error_tracker-0.x

inhji:renovate/ecto_sql-3.x-lockfile

inhji:renovate/atomex-0.x

inhji:renovate/req-0.x-lockfile

inhji:renovate/node-24.x

inhji:renovate/erlang-29.x

Conversation 0 Commits 1 Files changed 1 +2 -2

renovate commented 2026-05-13 18:00:16 +02:00

Collaborator

Copy link

This PR contains the following updates:

Package	Type	Update	Change
bandit (source)	prod	patch	1.11.0 → 1.11.1

---

Release Notes

mtrudel/bandit (bandit)

v1.11.1

Compare Source

Fixes

• Improve handling of large chunked request bodies (CVE-2026-39803, #​585, thanks @​PJUllrich & @​maennchen!)
• Improve handling of request trailers (CVE-2026-39806, #​585, thanks @​PJUllrich & @​maennchen!)

Changes

• We no longer disallow . and .. path components in HTTP/2 absolute paths (#​581)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [bandit](https://hex.pm/packages/bandit) ([source](https://github.com/mtrudel/bandit)) | prod | patch | `1.11.0` → `1.11.1` | --- ### Release Notes <details> <summary>mtrudel/bandit (bandit)</summary> ### [`v1.11.1`](https://github.com/mtrudel/bandit/blob/HEAD/CHANGELOG.md#1111-13-May-2026) [Compare Source](https://github.com/mtrudel/bandit/compare/1.11.0...1.11.1) ##### Fixes - Improve handling of large chunked request bodies (CVE-2026-39803, [#&#8203;585](https://github.com/mtrudel/bandit/issues/585), thanks [@&#8203;PJUllrich](https://github.com/PJUllrich) & [@&#8203;maennchen](https://github.com/maennchen)!) - Improve handling of request trailers (CVE-2026-39806, [#&#8203;585](https://github.com/mtrudel/bandit/issues/585), thanks [@&#8203;PJUllrich](https://github.com/PJUllrich) & [@&#8203;maennchen](https://github.com/maennchen)!) ##### Changes - We no longer disallow `.` and `..` path components in HTTP/2 absolute paths ([#&#8203;581](https://github.com/mtrudel/bandit/issues/581)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate added 1 commit 2026-05-13 18:00:16 +02:00

Update dependency bandit to v1.11.1 1d0083b4ac

renovate force-pushed renovate/bandit-1.x-lockfile from 1d0083b4ac to 66cabf6642 2026-05-14 00:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 66cabf6642 to e20d536d7f 2026-05-14 12:00:16 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from e20d536d7f to 381ad8d297 2026-05-14 15:00:16 +02:00 Compare

renovate changed title from Update dependency bandit to v1.11.1 to chore(deps): update dependency bandit to v1.11.1 2026-05-14 15:00:18 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 381ad8d297 to f4abf32599 2026-05-14 18:00:18 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from f4abf32599 to 4a2a9f23e1 2026-05-14 21:00:17 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 4a2a9f23e1 to 1a1226f8dd 2026-05-15 00:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 1a1226f8dd to 316e710fa0 2026-05-15 12:00:17 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 316e710fa0 to 5bf95f9c7f 2026-05-15 15:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 5bf95f9c7f to 06e00b5052 2026-05-15 18:00:18 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 06e00b5052 to aaf99275ff 2026-05-17 00:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from aaf99275ff to e94896814a 2026-05-17 03:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from e94896814a to c96d75a690 2026-05-17 15:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from c96d75a690 to 74ef6b34b1 2026-05-17 18:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 74ef6b34b1 to bf63f1bbdb 2026-05-18 00:00:18 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from bf63f1bbdb to b9f3f30218 2026-05-18 09:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from b9f3f30218 to 8d15e7cf67 2026-05-18 12:00:19 +02:00 Compare

renovate changed title from chore(deps): update dependency bandit to v1.11.1 to Update dependency bandit to v1.11.1 2026-05-18 12:00:21 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 8d15e7cf67 to b520d3ed56 2026-05-18 15:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from b520d3ed56 to 62d50f9a59 2026-05-18 18:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 62d50f9a59 to 8aa0141850 2026-05-18 21:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 8aa0141850 to 5cb7118164 2026-05-19 09:00:21 +02:00 Compare

renovate changed title from Update dependency bandit to v1.11.1 to chore(deps): update dependency bandit to v1.11.1 2026-05-19 09:00:21 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 5cb7118164 to 2d67422311 2026-05-19 12:00:20 +02:00 Compare

renovate changed title from chore(deps): update dependency bandit to v1.11.1 to Update dependency bandit to v1.11.1 2026-05-19 12:00:22 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 2d67422311 to 62365b0532 2026-05-19 18:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 62365b0532 to fc95a66340 2026-05-20 00:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from fc95a66340 to 4e2174a77c 2026-05-20 09:00:19 +02:00 Compare

renovate changed title from Update dependency bandit to v1.11.1 to chore(deps): update dependency bandit to v1.11.1 2026-05-20 09:00:19 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 4e2174a77c to 81f2a77ff7 2026-05-20 12:00:20 +02:00 Compare

renovate changed title from chore(deps): update dependency bandit to v1.11.1 to Update dependency bandit to v1.11.1 2026-05-20 12:00:20 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 81f2a77ff7 to a07f508b11 2026-05-20 15:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from a07f508b11 to 4c2c9aee2e 2026-05-21 00:00:21 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 4c2c9aee2e to ba0b5fc486 2026-05-21 12:00:20 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from ba0b5fc486 to 1b74a5df68 2026-05-21 15:00:23 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 1b74a5df68 to 460ec365ac 2026-05-21 18:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 460ec365ac to 1ecc5a2c15 2026-05-22 00:00:15 +02:00 Compare

renovate changed title from Update dependency bandit to v1.11.1 to chore(deps): update dependency bandit to v1.11.1 2026-05-22 09:00:16 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 1ecc5a2c15 to 80a5813e29 2026-05-22 09:00:16 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 80a5813e29 to f09ab56180 2026-05-22 12:00:18 +02:00 Compare

renovate changed title from chore(deps): update dependency bandit to v1.11.1 to Update dependency bandit to v1.11.1 2026-05-22 12:00:18 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from f09ab56180 to 0b6a59ff62 2026-05-22 15:00:19 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 0b6a59ff62 to 11cd6f2b3a 2026-05-22 18:00:16 +02:00 Compare

renovate changed title from Update dependency bandit to v1.11.1 to chore(deps): update dependency bandit to v1.11.1 2026-05-23 12:00:16 +02:00

renovate force-pushed renovate/bandit-1.x-lockfile from 11cd6f2b3a to 8a8f7045b4 2026-05-23 12:00:17 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 8a8f7045b4 to 6ab695d7b2 2026-05-23 15:00:17 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 6ab695d7b2 to 6219424bf5 2026-05-24 00:00:16 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 6219424bf5 to 9d1fcafe28 2026-05-24 12:00:15 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 9d1fcafe28 to 98246bee81 2026-05-24 15:00:15 +02:00 Compare

renovate force-pushed renovate/bandit-1.x-lockfile from 98246bee81 to 16b83ea53b 2026-05-24 21:00:15 +02:00 Compare

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/bandit-1.x-lockfile:renovate/bandit-1.x-lockfile

git switch renovate/bandit-1.x-lockfile

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Area

Micropub

  

Compat

Breaking

Breaking change that won't be backward compatible

  

Kind

Bug

Something is not working

  

Kind

Documentation

Documentation changes

  

Kind

Enhancement

Improve existing functionality

  

Kind

Feature

New functionality

  

Kind

Infra

  

Kind

Security

This is security issue

  

Kind

Testing

Issue or pull request related to testing

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Reviewed

Confirmed

Issue has been confirmed

  

Reviewed

Duplicate

This issue or pull request already exists

  

Reviewed

Invalid

Invalid issue

  

Reviewed

Won't Fix

This issue won't be fixed

  

Status

Abandoned

Somebody has started to work on this but abandoned work

  

Status

Blocked

Something is blocking this issue or pull request

  

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No labels

Area

Micropub

Compat

Breaking

Kind

Bug

Kind

Documentation

Kind

Enhancement

Kind

Feature

Kind

Infra

Kind

Security

Kind

Testing

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Reviewed

Confirmed

Reviewed

Duplicate

Reviewed

Invalid

Reviewed

Won't Fix

Status

Abandoned

Status

Blocked

Status

Need More Info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

inhji/hajur!130

No description provided.