chore(sdk): update dependency black to v26 [security] (#11290)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>

Author: renovate[bot]

contrib/inventory-graph/lib/inventory_output.py

@@ -16,7 +16,6 @@
 from prowler.lib.logger import logger
 from lib.models import ConnectivityGraph
 
-
 # ---------------------------------------------------------------------------
 # JSON output
 # ---------------------------------------------------------------------------

prowler/CHANGELOG.md

@@ -23,6 +23,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 
 ### 🔐 Security
 
+- `black` from 25.1.0 to 26.3.1, patching a known vulnerability in the SDK formatter dependency [(#11290)](https://github.com/prowler-cloud/prowler/pull/11290)
 - `microsoft-kiota-*` to 1.9.9 and `aiohttp` to 3.14.0, patching known CVEs [(#11596)](https://github.com/prowler-cloud/prowler/pull/11596)
 - Container base image bumped to `python:3.12.13-slim-bookworm` (patches `libgnutls30` CVE-2026-33845 and CVE-2026-42010) and `trivy` bumped to 0.71.0 (patches embedded `golang.org/x/crypto` and Go stdlib CVEs); `.trivyignore` documents remaining bookworm criticals with no-fix or not-affected rationale [(#11592)](https://github.com/prowler-cloud/prowler/pull/11592)
 

prowler/lib/banner.py

@@ -28,15 +28,13 @@ def print_banner(legend: bool = False, provider: str = None):
     print_prowler_cloud_banner(provider)
 
     if legend:
-        print(
-            f"""
+        print(f"""
 {Style.BRIGHT}Color code for results:{Style.RESET_ALL}
 - {Fore.YELLOW}MANUAL (Manual check){Style.RESET_ALL}
 - {Fore.GREEN}PASS (Recommended value){Style.RESET_ALL}
 - {orange_color}MUTED (Muted by muted list){Style.RESET_ALL}
 - {Fore.RED}FAIL (Fix required){Style.RESET_ALL}
-            """
-        )
+            """)
 
 
 def print_prowler_cloud_banner(provider: str = None):
@@ -56,8 +54,7 @@ def print_prowler_cloud_banner(provider: str = None):
     """
     check = f"{Fore.GREEN}✓{Style.RESET_ALL}"
     bar = f"{banner_color}│{Style.RESET_ALL}"
-    print(
-        f"""
+    print(f"""
 {bar} {Style.BRIGHT}You're getting a snapshot 📸. Prowler Cloud gives you the full picture:{Style.RESET_ALL}
 {bar}
 {bar} {check} {Style.BRIGHT}Continuous Security Monitoring{Style.RESET_ALL} - scheduled scans with history, trends and alerts.
@@ -70,5 +67,4 @@ def print_prowler_cloud_banner(provider: str = None):
 {bar} {check} {Style.BRIGHT}Integrations{Style.RESET_ALL} - Anything with our MCP + Jira, Slack, AWS Security Hub, Amazon S3, SSO and RBAC.
 {bar}
 {bar} {Fore.BLUE}Start free at 👉 cloud.prowler.com{Style.RESET_ALL}
-"""
-    )
+""")

prowler/lib/outputs/html/html.py

@@ -73,8 +73,7 @@ def transform(self, findings: list[Finding]) -> None:
                 elif finding.status == "FAIL":
                     row_class = "table-danger"
 
-                self._data.append(
-                    f"""
+                self._data.append(f"""
                         <tr class="{row_class}">
                             <td>{finding_status}</td>
                             <td>{finding.metadata.Severity.value}</td>
@@ -89,8 +88,7 @@ def transform(self, findings: list[Finding]) -> None:
                             <td><p class="show-read-more">{HTML.process_markdown(finding.metadata.Remediation.Recommendation.Text)}</p> <a class="read-more" href="{finding.metadata.Remediation.Recommendation.Url}"><i class="fas fa-external-link-alt"></i></a></td>
                             <td><p class="show-read-more">{parse_html_string(unroll_dict(finding.compliance, separator=": "))}</p></td>
                         </tr>
-                        """
-                )
+                        """)
         except Exception as error:
             logger.error(
                 f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -143,8 +141,7 @@ def write_header(
             from_cli (bool): whether the request is from the CLI or not
         """
         try:
-            file_descriptor.write(
-                f"""<!DOCTYPE html>
+            file_descriptor.write(f"""<!DOCTYPE html>
     <html lang="en">
     <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -253,8 +250,7 @@ def write_header(
                     <th scope="col">Compliance</th>
                 </tr>
             </thead>
-            <tbody>"""
-            )
+            <tbody>""")
         except Exception as error:
             logger.error(
                 f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
@@ -269,8 +265,7 @@ def write_footer(file_descriptor: TextIOWrapper) -> None:
             file_descriptor (file): the file descriptor to write the footer
         """
         try:
-            file_descriptor.write(
-                """
+            file_descriptor.write("""
             </tbody>
             </table>
         </div>
@@ -409,8 +404,7 @@ def write_footer(file_descriptor: TextIOWrapper) -> None:
 </body>
 
 </html>
-"""
-            )
+""")
         except Exception as error:
             logger.error(
                 f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"

pyproject.toml

@@ -5,7 +5,7 @@ requires = ["hatchling"]
 [dependency-groups]
 dev = [
   "bandit==1.8.3",
-  "black==25.1.0",
+  "black==26.3.1",
   "coverage==7.6.12",
   "docker==7.1.0",
   "filelock==3.20.3",
@@ -205,7 +205,7 @@ constraint-dependencies = [
   "azure-core==1.41.0",
   "azure-mgmt-core==1.6.0",
   "bandit==1.8.3",
-  "black==25.1.0",
+  "black==26.3.1",
   "blinker==1.9.0",
   "certifi==2026.4.22",
   "cffi==2.0.0",
@@ -325,6 +325,7 @@ constraint-dependencies = [
   "pytest-env==1.1.5",
   "pytest-randomly==3.16.0",
   "pytest-xdist==3.6.1",
+  "pytokens==0.4.1",
   "pywin32==311",
   "pyyaml==6.0.3",
   "referencing==0.36.2",

tests/lib/outputs/outputs_test.py

@@ -51,9 +51,7 @@ def test_unroll_list_separator(self):
 
     def test_parse_html_string(self):
         string = "CISA: your-systems-3, your-data-1, your-data-2 | CIS-1.4: 2.1.1 | CIS-1.5: 2.1.1 | GDPR: article_32 | AWS-Foundational-Security-Best-Practices: s3 | HIPAA: 164_308_a_1_ii_b, 164_308_a_4_ii_a, 164_312_a_2_iv, 164_312_c_1, 164_312_c_2, 164_312_e_2_ii | GxP-21-CFR-Part-11: 11.10-c, 11.30 | GxP-EU-Annex-11: 7.1-data-storage-damage-protection | NIST-800-171-Revision-2: 3_3_8, 3_5_10, 3_13_11, 3_13_16 | NIST-800-53-Revision-4: sc_28 | NIST-800-53-Revision-5: au_9_3, cm_6_a, cm_9_b, cp_9_d, cp_9_8, pm_11_b, sc_8_3, sc_8_4, sc_13_a, sc_16_1, sc_28_1, si_19_4 | ENS-RD2022: mp.si.2.aws.s3.1 | NIST-CSF-1.1: ds_1 | RBI-Cyber-Security-Framework: annex_i_1_3 | FFIEC: d3-pc-am-b-12 | PCI-3.2.1: s3 | FedRamp-Moderate-Revision-4: sc-13, sc-28 | FedRAMP-Low-Revision-4: sc-13 | KISA-ISMS-P-2023: 2.6.1 | KISA-ISMS-P-2023-korean: 2.6.1"
-        assert (
-            parse_html_string(string)
-            == """
+        assert parse_html_string(string) == """
 •CISA: your-systems-3, your-data-1, your-data-2
 
 •CIS-1.4: 2.1.1
@@ -94,7 +92,6 @@ def test_parse_html_string(self):
 
 •KISA-ISMS-P-2023-korean: 2.6.1
 """
-        )
 
     def test_unroll_tags(self):
         dict_list = [