Eric Brown

@tucked Good catch. Seems timeout arg gets missed as the node is an ast.BinOp. The context._get_literal_value() doesn't handle BinOp and defaults to None.

There are some limitations in what Bandit can identify. So in the case of BinOp node, Bandit would be required to evaluate the value (possibly via eval()). But BinOp nodes...

rich.console also has the capability to render links in a terminal which could be useful.

concat_string is an internal function with a specific use. The problem as stated above implies this is a open function for any application. That is not its intention. Please describe...

> If we're going to try to parse/unparse AST we should consider using libcst instead Yeah, I did consider libcst initially, but thought the changes would be too drastic. There...

> @ericwb or anyone else: would you review my implementation for ruff: see [astral-sh/ruff#2811 (comment)](https://github.com/astral-sh/ruff/pull/2811#issuecomment-1644006896) In my opinion, I think the best way to handle (SQL, command, ssh, LDAP, etc)...

> Which API endpoint were you trying to access? `/repos/{owner_repo}/pulls/{pull_number}/reviews`

Here's a code snippet at the very least. The issue seems to be a validation error as a result of using start_line instead of position. ``` self.comments.append({ "path": file_name, "body":...

The vmware-tanzu org itself is also not verified due to the following. I'm not sure if this is a cache-22, but sure reads like it: `There must be 1 or...

By the way, maybe this issue isn't strictly on the meta repo since in order to support default files, a new repo called ".github" would need to be created.