Fixes CVE CI job #4429

Merged
merged 1 commit into from
May 10, 2019

Contributor

@zenmonkeykstop zenmonkeykstop commented May 10, 2019

Status

Ready for review

Description of Changes

Fixes #4424

Changes proposed in this pull request:
In Makefile bandit target, blacklists bandit 1.6.0 due to directory exclusion bug, installs latest pip. (A fix for the directory exclusion bug as mentioned here: PyCQA/bandit#488 will be forthcoming in v1.6.1 - it shouldn't be necessary to roll back the Makefile change when this happens.)

Testing

This should fix the CI CVE check job. To test it locally, check out the branch and run make bandit

Deployment

No deployment, CI fix only

@eloquence
Member

Works locally for me:

Run started:2019-05-10 16:35:37.320497

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 8640
	Total lines skipped (#nosec): 7

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 306
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 306
Files skipped (1):
	./journalist_gui/journalist_gui/SecureDropUpdater.py (syntax error while parsing AST from file)

@zenmonkeykstop zenmonkeykstop requested a review from conorsch May 10, 2019 16:44
Contributor

@conorsch conorsch left a comment

Works for me locally, and CI is passing! 👍

@conorsch conorsch merged commit ac5c921 into freedomofpress:develop May 10, 2019
Development

Successfully merging this pull request may close these issues.

bandit CI job failure on develop