Use updated pattern from avoid-pyyaml-load in B506
What does this MR do?
The pattern used in the Bandit B506 rule is out of date.
This demonstrates the issue https://semgrep.dev/playground/s/stevep-arm:bandit.b506?editorMode=advanced
and this shows the updated pattern against the same test case https://semgrep.dev/playground/s/stevep-arm:avoid-pyyaml-load?editorMode=advanced
For this MR I have copied the pattern but not the metadata from the original source of the B506 rule.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer