David Salvisberg

Results 127 comments of David Salvisberg

For interoperability between the reference implementation through direct use of bandit and ruff it would be nice to support `nosec` comments in addition to `noqa`. There is also an open...

While I do agree this is a commendable goal in most cases, in this specific case I would have to disagree, since bandit is a security linter, a lot of...

@malthe Have you had a look at `flake8-bugbear` and some of the other flake8 plugins out there? I find flake8 with some plugins + static analysis through a type checker...

On the note of tooling, have you considered adding [pre-commit](https://pre-commit.com/)? I use it pretty much in all my projects now and it's saved me a lot of headaches. It's really...

@malthe flake8-bugbear is an AST plugin, so you probably could implement that exception to the rule fairly easily and contribute it. Generally you can achieve a lot with plugins, the...

There's sort of already an existing pull request for this #877 (it uses the flask alias `flask.Markup` though) and was soft-rejected on the basis of being maybe too narrow for...

> Absolutely, the rule should not trigger for literal content (though it should for f-strings, I've no idea whether bandit can easily make the distinction as I know nothing of...

@ericwb @lukehinds @sigmavirus24 I would love for one of the maintainers to chime in on this.

There's also this existing discussion on the Python Discourse: https://discuss.python.org/t/extend-the-typing-final-type-qualifier-to-support-function-arguments/41916 I personally don't think `Final` is a good equivalent for the absence of Rust's `mut`. They actually mean quite different...

Yes, but that's not what `Final` means. `Final` is closer to `const`, i.e. you can't reassign the name to something else, but it doesn't prevent mutations.

```python
x: Final[dict[str, int]]...
```