Bump senzing-core from 0.3.5 to 0.3.7

[dependabot]

Bumps senzing-core from 0.3.5 to 0.3.7.

Release notes

Sourced from senzing-core's releases.

0.3.7

See CHANGELOG.md

0.3.6

See CHANGELOG.md

Changelog

Sourced from senzing-core's changelog.

[0.3.7] - 2025-04-18

Changed in 0.3.7

• Case on example variables

Removed in 0.3.7

• Empty example files for early adaptor methods that are not documented

[0.3.6] - 2025-04-17

Added in 0.3.6

• Expanded test coverage
• Check and raise SzSdkError for wrong types in _helpers.py build functions

Changed in 0.3.6

• Simplified escaping JSON strings in _helpers.py
• Changed exception capturing, raising, and messages for errors occurring within the SDK
• Tests previously catching TypeError now catch SzSdkError

Removed in 0.3.6

• SDK_EXCEPTION_MAP and functions, replaced with use of SzSdkError
• Shebang in modules

Commits

• c8010ea 230 ant 1 (#231)
• 2ddf654 140 ant 2 (#229)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[senzingdevops]

Automated: approving this pull request because it includes a patch update

[github-actions]

🛡️ Bandit Scan Results Summary

We found 2 High, 2 Medium, and 1 Low severity issues.

Detailed Findings

---

Severity	Issue	File	Line	Confidence	More Info	Test ID
🟡 LOW	Consider possible security implications associated with the subprocess module.	sz_tools/_tool_helpers.py	14	HIGH	More Info	B404
⚪ MEDIUM	Possible SQL injection vector through string-based query construction.	sz_tools/_sz_database.py	354	LOW	More Info	B608
⚪ MEDIUM	Probable insecure usage of temp file/directory.	sz_tools/_tool_helpers.py	738	MEDIUM	More Info	B108
🔴 HIGH	Starting a process with a shell, possible injection detected, security issue.	sz_tools/_tool_helpers.py	662	HIGH	More Info	B605
🔴 HIGH	subprocess call with shell=True identified, security issue.	sz_tools/_tool_helpers.py	645	HIGH	More Info	B602

---

✨ About this Report

This report was generated by the official Bandit GitHub Action to ensure our codebase stays secure.

📕 What is Bandit?

Bandit is a tool designed to find common security issues in Python code. To learn more about how Bandit helps to keep Python code safe, visit the Bandit documentation.

👥 Community Support

Got questions or need help with Bandit Action?

• Join our community on the Discord server.
• Share tips, get advice, and collaborate on security best practices.