Resolve bandit warnings #2379

Merged
staticdev merged 2 commits into PyCQA:main from kurtmckee:bandit-warnings
Apr 5, 2025

Conversation

@kurtmckee
Copy link
Contributor

The `nosec` flags benefit from human-readable explanation, but bandit was seeing the trailing text and throwing warnings:

```
WARNING Test in comment: Needed is not a test name or id, ignoring
WARNING Test in comment: for is not a test name or id, ignoring
WARNING Test in comment: gitignore is not a test name or id, ignoring
WARNING Test in comment: support is not a test name or id, ignoring
```

This is addressed by using another `#` character to hide the text.
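Added example (not code from this PR, from isort or from bandit itself): a small Python model of the tokenising that produces those warnings, plus a lint pass a reviewer can run over source lines to flag `nosec` comments whose explanation is being read as test names, and blanket `# nosec` comments that carry no test id at all. The regex, the `KNOWN_TESTS` set and the sample lines are constructed assumptions, not bandit's own.

```python
import re

# Constructed sample of bandit test ids and names; the real set is much larger.
KNOWN_TESTS = {"B101", "assert_used", "B108", "hardcoded_tmp_directory"}

# Assumption: everything after "nosec" up to the next "#" is read as a
# comma- or space-separated list of test ids; a second "#" hides the rest.
NOSEC_RE = re.compile(r"#\s*nosec:?\s*(?P<tests>[^#]*)")


def parse_nosec(line: str):
    """Return (recognised_ids, unrecognised_tokens) for one source line;
    (None, []) means no nosec comment, ([], []) a blanket ``# nosec``."""
    match = NOSEC_RE.search(line)
    if match is None:
        return None, []
    tokens = [t for t in re.split(r"[\s,]+", match.group("tests").strip()) if t]
    known = [t for t in tokens if t in KNOWN_TESTS]
    unknown = [t for t in tokens if t not in KNOWN_TESTS]
    return known, unknown


def lint_nosec(lines: list[str]) -> list[str]:
    """Flag suppressions a reviewer should look at: blanket ones, and ones
    whose free-text explanation is being parsed as test names."""
    findings = []
    for number, line in enumerate(lines, 1):
        known, unknown = parse_nosec(line)
        if known is None:
            continue
        if not known and not unknown:
            findings.append(f"{number}: blanket nosec suppresses every test")
        for token in unknown:
            findings.append(f"{number}: {token} is not a test name or id, ignoring")
    return findings


# Constructed lines: the comment shape that produced the PR's warnings, the
# same comment with a second "#" hiding the explanation, and a blanket nosec.
SAMPLE = [
    'tmp = "/tmp/cache"  # nosec B108 Needed for gitignore support',
    'tmp = "/tmp/cache"  # nosec B108  # Needed for gitignore support',
    "assert tmp  # nosec",
]

if __name__ == "__main__":
    for finding in lint_nosec(SAMPLE):
        print(finding)
```

Only the first and third sample lines produce findings: the second keeps the explanation but hides it from the id list, which is the shape this PR adopts.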

@codecov
Copy link

codecov bot commented Mar 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.16%. Comparing base (2985bca) to head (e42578f).
Report is 3 commits behind head on main.

Additional details and impacted files
```
@@           Coverage Diff           @@
##             main    #2379   +/-   ##
=======================================
  Coverage   99.16%   99.16%
=======================================
  Files          40       40
  Lines        3101     3101
  Branches      680      680
=======================================
  Hits         3075     3075
  Misses         15       15
  Partials       11       11
```

Copy link
Collaborator

@staticdev staticdev left a comment

LGTM @kurtmckee, thanks.

@kurtmckee
Copy link
Contributor Author

Friendly ping. 😁

@staticdev staticdev added this pull request to the merge queue Apr 5, 2025
@staticdev
Copy link
Collaborator

@kurtmckee forgot to click merge haha

Merged via the queue into PyCQA:main with commit db88404 Apr 5, 2025
21 checks passed
@kurtmckee kurtmckee deleted the bandit-warnings branch April 5, 2025 20:42
luketainton pushed a commit to luketainton/repos_roboluke that referenced this pull request Oct 2, 2025
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [isort](https://github.com/PyCQA/isort) ([changelog](https://github.com/PyCQA/isort/releases)) | `<6.1.0,>=6.0.0` -> `<6.1.1,>=6.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/isort/6.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/isort/6.0.1/6.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>PyCQA/isort (isort)</summary>

### [`v6.1.0`](https://github.com/PyCQA/isort/releases/tag/6.1.0)

[Compare Source](PyCQA/isort@6.0.1...6.1.0)

#### Changes

- Update docs discussions channel ([#2410](PyCQA/isort#2410)) [@staticdev](https://github.com/staticdev)
- Add python 3.14 classifier and badge ([#2409](PyCQA/isort#2409)) [@staticdev](https://github.com/staticdev)
- Drop use of non-standard `pkg_resources` API ([#2405](PyCQA/isort#2405)) [@dvarrazzo](https://github.com/dvarrazzo)
- Use working isort version in pre-commit example ([#2402](PyCQA/isort#2402)) [@iainelder](https://github.com/iainelder)
- fix typo in `_get_files_from_dir_cached` test ([#2392](PyCQA/isort#2392)) [@tiltingpenguin](https://github.com/tiltingpenguin)
- Resolve bandit warnings ([#2379](PyCQA/isort#2379)) [@kurtmckee](https://github.com/kurtmckee)
- Add tox for cross-platform, parallel test suite execution ([#2378](PyCQA/isort#2378)) [@kurtmckee](https://github.com/kurtmckee)
- Add Project URLs to PyPI Side Panel ([#2387](PyCQA/isort#2387)) [@guillermodotn](https://github.com/guillermodotn)
- Fix typos ([#2376](PyCQA/isort#2376)) [@co63oc](https://github.com/co63oc)

#### 👷 Continuous Integration

- Add make bash scripts portable ([#2377](PyCQA/isort#2377)) [@staticdev](https://github.com/staticdev)

#### 📦 Dependencies

- Bump actions/checkout from 4 to 5 in the github-actions group ([#2406](PyCQA/isort#2406)) @[dependabot\[bot\]](https://github.com/apps/dependabot)
- Bump astral-sh/setup-uv from 5 to 6 in the github-actions group ([#2395](PyCQA/isort#2395)) @[dependabot\[bot\]](https://github.com/apps/dependabot)

</details>


This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.tainton.uk/repos/roboluke/pulls/380
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
luketainton pushed a commit to luketainton/repos_epage that referenced this pull request Oct 7, 2025
Reviewed-on: https://git.tainton.uk/repos/epage/pulls/164
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
luketainton pushed a commit to luketainton/repos_webexmemebot that referenced this pull request Jan 5, 2026
Reviewed-on: https://git.tainton.uk/repos/webexmemebot/pulls/510
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>

3 participants