Update dependency bandit to v1.7.8

This MR contains the following updates:

Package	Type	Update	Change
bandit (source, changelog)	dev	patch	1.7.7 -> 1.7.8

---

Release Notes

PyCQA/bandit (bandit)

v1.7.8

Compare Source

What's Changed

• Incorrect tag naming in readme by @​lukehinds in https://github.com/PyCQA/bandit/pull/1105
• Utilize PyPI's trusted publishing by @​ericwb in https://github.com/PyCQA/bandit/pull/1107
• Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1109
• Add 1.7.7 to versions of bug template by @​ericwb in https://github.com/PyCQA/bandit/pull/1110
• Use datetime to avoid updating copyright year by @​ericwb in https://github.com/PyCQA/bandit/pull/1112
• filter data is safe for tarfile extractall by @​etienneschalk in https://github.com/PyCQA/bandit/pull/1111
• Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1115
• [B605] Add functions that are vulnerable to shell injection. by @​shihai1991 in https://github.com/PyCQA/bandit/pull/1116
• Add a SARIF output formatter by @​ericwb in https://github.com/PyCQA/bandit/pull/1113

New Contributors

• @​etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
• @​shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.