Update Bandit to 1.7.2, Go deps to latest available
What does this MR do?
Monthly update for 14.8.
- I pulled in the latest Bandit version.
- Note that the CHANGELOG had a change in 1.7.1 that Bandit says is in 1.7.2. I moved it to this release in the CHANGELOG to match.
- I updated direct dependencies in
go.mod
that had updates available. I didn't attempt to update transitive dependencies in any way.
What are the relevant issue numbers?
Part of https://gitlab.com/gitlab-org/security-products/release/-/issues/118
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Daniel Paul Searles