
Proposal: using bandit directly instead of flake8-bandit

Open staticdev opened this issue 2 years ago • 1 comment

I think this plugin is unnecessary since it is possible to add bandit directly on pre-commit:

https://github.com/PyCQA/bandit/blob/main/.pre-commit-hooks.yaml

flake8-bandit is barely maintained compared to flake8 and bandit; it is now not compatible with flake8 5.0.0+. In March 2022 it broke because of a new bandit version.

What do you think?

staticdev avatar Aug 01 '22 18:08 staticdev
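For reference, this is what running bandit as its own pre-commit hook looks like, as an added example that is not part of the original issue or of the cookiecutter-hypermodern-python template. It uses the `bandit` hook id published in the `.pre-commit-hooks.yaml` linked above; the pinned `rev`, the `pyproject.toml` config path and the `tests/` exclusion are assumptions to adapt to your project.

```yaml
# .pre-commit-config.yaml (example, not the template's own file)
repos:
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4  # assumption: pin to whichever bandit release tag you choose
    hooks:
      - id: bandit
        # Read [tool.bandit] settings from pyproject.toml (assumed to exist);
        # the "toml" extra is needed for bandit to parse that file.
        args: ["-c", "pyproject.toml"]
        additional_dependencies: ["bandit[toml]"]
        # Test code is full of asserts (B101) and hard-coded fixtures,
        # so keep it out of the scan rather than silencing findings.
        exclude: ^tests/
```

Because pre-commit hands the hook the list of changed `.py` files, bandit only scans what is being committed, so a new finding surfaces at commit time instead of being buried in a flake8 plugin that may not load at all after a flake8 upgrade.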

FYI flake8 5.0.0 (07-30-2022) and flake8_bandit.py are not compatible.

  • https://github.com/tylerwince/flake8-bandit/issues/33
  • https://github.com/tylerwince/flake8-bandit/pull/35

Specifically: flake8_bandit.py cannot import name ConfigFileFinder from flake8.options.config

Workaround:

poetry remove --dev flake8 
poetry add --dev "flake8==4.0.1"

Which results in:

• Updating mccabe (0.7.0 -> 0.6.1)
• Updating pycodestyle (2.9.1 -> 2.8.0)
• Updating pyflakes (2.5.0 -> 2.4.0)
• Updating flake8 (5.0.4 -> 4.0.1)

wcDogg avatar Aug 06 '22 07:08 wcDogg