Stephen Rosen

Results 104 comments of Stephen Rosen

Given how long a history this library has, and how stable it's been, I wouldn't want to introduce something onerous for you. But if everyone is writing `>=X`, then...

In case anyone else is trying to figure this out, I've found that this can make `bandit` work with pre-commit:

```shell
bandit -c .bandit.yaml -f json -o .bandit_baseline.json \
  --exclude...
```

No, I've changed how the baseline is generated. The sample I provided passes filenames for the baseline exactly the way that pre-commit will pass them to the hook.

I was wondering about this myself. Maybe we could do this by looking at `unicodedata.category` on all characters (possibly too slow?). I'd default to rejecting any code which contains characters...

@asottile, you mean it's insufficient for protecting against homoglyph confusion? That's true, but those attacks predate the recent realization that BiDi control characters can hide source. Most of our codebases...

Sure, I won't argue that it isn't a problem, and maybe I shouldn't have brought up its age. But, as you said, there's nothing productive to do about that short...

Checking file encodings does not seem to be a solution to _this_ issue. I write plenty of code that's all ASCII, but I also write code that uses non-ASCII characters....
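The check sketched in the comments above (reject BiDi control characters outright, optionally widen the net with `unicodedata.category`, but do not reject legitimate non-ASCII code) is shown here as an added example. It is not code from the original thread or from any of the projects discussed; the function names, the `--strict` flag, and the two sample source snippets are constructed for illustration.

```python
import sys
import unicodedata

# Unicode bidirectional embedding/override/isolate controls, the set abused by
# "Trojan Source" attacks to make rendered code differ from what is compiled.
# Legitimate source code essentially never needs these, so they are rejected
# unconditionally.
BIDI_CONTROLS = {
    "\u202a": "LEFT-TO-RIGHT EMBEDDING",
    "\u202b": "RIGHT-TO-LEFT EMBEDDING",
    "\u202c": "POP DIRECTIONAL FORMATTING",
    "\u202d": "LEFT-TO-RIGHT OVERRIDE",
    "\u202e": "RIGHT-TO-LEFT OVERRIDE",
    "\u2066": "LEFT-TO-RIGHT ISOLATE",
    "\u2067": "RIGHT-TO-LEFT ISOLATE",
    "\u2068": "FIRST STRONG ISOLATE",
    "\u2069": "POP DIRECTIONAL ISOLATE",
}


def find_suspicious_chars(text, strict=False):
    """Scan source text and return (line, col, codepoint, reason) tuples.

    By default only the BiDi controls above are flagged, so ordinary
    non-ASCII text (accents, CJK, emoji inside strings) passes untouched.
    With strict=True every character in Unicode category Cf ("format"),
    which also covers zero-width spaces/joiners and soft hyphens, is
    flagged as well; that is stricter than most codebases can tolerate.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, f"U+{ord(ch):04X}", BIDI_CONTROLS[ch]))
            elif strict and unicodedata.category(ch) == "Cf":
                name = unicodedata.name(ch, "FORMAT CHARACTER")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings


def check_files(paths, strict=False):
    """Hook entry point: `paths` are the staged filenames pre-commit passes.

    Returns the number of files with findings, so 0 means the hook passes.
    """
    bad = 0
    for path in paths:
        with open(path, "rb") as fh:
            # Decode leniently: a mis-encoded file must not crash the hook,
            # and a BiDi control in otherwise valid UTF-8 survives "replace".
            text = fh.read().decode("utf-8", errors="replace")
        findings = find_suspicious_chars(text, strict=strict)
        for lineno, col, codepoint, reason in findings:
            print(f"{path}:{lineno}:{col}: {codepoint} {reason}")
        bad += bool(findings)
    return bad


# Constructed sample (not from any real project): an RLO plus isolates make the
# trailing condition render as comment text while the compiler still sees it.
SAMPLE_TROJAN = (
    "def is_admin(user):\n"
    "    # check role \u202e } \u2066if user.role == 'admin'\u2069 \u2066 {\n"
    "    return True\n"
)
# Constructed sample of legitimate non-ASCII source that must pass the default check.
SAMPLE_CLEAN = 'GREETING = "Grüße, 世界 🔐"\n'

if __name__ == "__main__":
    # Hypothetical CLI: `python bidi_check.py [--strict] FILE...`
    args = [a for a in sys.argv[1:] if a != "--strict"]
    sys.exit(1 if check_files(args, strict="--strict" in sys.argv) else 0)
```

Wired in as a `language: python` local hook in `.pre-commit-config.yaml`, pre-commit appends the staged filenames to the command, which is exactly the `paths` argument `check_files` expects; the non-zero exit blocks the commit and the printed `file:line:col` locations point at the hidden characters.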

Looking at open `typing` issues, I think this one should be closed. If we could gracefully reject `Schema.from_dict({"x": fields.Str})` without causing other issues, I'd be in favor of making changes....

I think polyfield has a better API in terms of hooks for letting you define the dispatch from input data to a schema to use for loading or dumping....

> There doesn't seem to be a good standard to lean on for type metadata upstream (json/python).

I think the closest thing you'll find is jsonschema's `oneOf`. OpenAPI extends jsonschema...