
Update bandit to 1.7.0 #5671

Merged
merged 1 commit into from
Dec 16, 2020

Conversation

@rmol (Contributor) commented Dec 15, 2020

Status

Ready for review

Description of Changes

The 322 test was not yet deprecated in our last pinned version (1.4.0) so removing it from the skip list in #5670 broke in local environments in which bandit wasn't upgraded (as is done each run in CI).

Also, 1.4.0 didn't yet support glob patterns in bandit's --exclude option, so running it locally would take forever as the .venv directory was scanned.

Testing

Verify current problems

  • rm -rf .venv && make venv && . .venv/bin/activate
  • make bandit: It should take forever and complain about test 322.

Verify fix

  • check out this branch with git checkout -b upgrade-bandit origin/upgrade-bandit
  • create a virtualenv with new bandit: rm -rf .venv && make venv && . .venv/bin/activate
  • run make bandit: It should only check 76 files, finish quickly, and not complain about test 322.

Deployment

dev only.

Checklist

If you made changes to the server application code:

  • Linting (make lint) and tests (make test) pass in the development container

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

Choose one of the following:

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation
  • These changes do not require documentation
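The failure described in this PR is version drift: CI reinstalls bandit on every run, but a stale local .venv keeps the old pin, so a skip list written for bandit 1.7.0 (where test 322 no longer exists) fails under 1.4.0. The script below is an added example, not code from this PR or from the project: it parses a requirements file in the pip `name==version` style (hash continuation lines included), compares the pin against the version actually installed in the active interpreter, and exits non-zero on a mismatch so `make bandit` could refuse to run against a drifted virtualenv. The embedded requirements text is a constructed sample, and the file name, function names and the idea of wiring this in front of the bandit target are assumptions.

```python
"""Refuse to run bandit when the installed version differs from the pin.

Added example, not the project's own tooling.  Usage:
    python check_bandit_pin.py develop-requirements.txt
With no argument it checks the constructed SAMPLE_REQUIREMENTS below.
"""
import re
import sys
from importlib import metadata

# Constructed sample in the style of a pip requirements file with hashes.
SAMPLE_REQUIREMENTS = """\
# development-only tools
bandit==1.7.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
flake8==3.8.4
"""

# `name==version`, stopping at whitespace, markers, comments or continuations.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;#\\]+)")


def parse_pins(text):
    """Return {package: version} for every exact pin in a requirements text.

    Blank lines and comments are skipped; a trailing backslash joins the
    next line (pip's --hash continuation style) into one logical line.
    """
    pins = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        logical += line
        stripped = logical.strip()
        logical = ""
        if not stripped or stripped.startswith("#"):
            continue
        match = PIN_RE.match(stripped)
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def version_key(version):
    """Turn '1.7.0' into a tuple that compares numerically, so that
    '1.4.0' < '1.7.0' and '1.7' == '1.7.0'.  A non-numeric suffix such
    as 'rc1' is compared as a string; exact-match checks do not need more."""
    key = []
    for part in version.split("."):
        match = re.match(r"(\d+)(.*)", part)
        key.append((int(match.group(1)), match.group(2)) if match else (-1, part))
    while len(key) > 1 and key[-1] == (0, ""):
        key.pop()  # trailing zero components carry no information
    return tuple(key)


def check_pin(pins, package, installed):
    """Return (ok, message).  `installed` is None when the package is absent."""
    pinned = pins.get(package.lower())
    if pinned is None:
        return False, f"{package} is not pinned in the requirements file"
    if installed is None:
        return False, f"{package}=={pinned} is pinned but not installed"
    if version_key(installed) == version_key(pinned):
        return True, f"{package}=={installed} matches the pin"
    hint = "older" if version_key(installed) < version_key(pinned) else "newer"
    return False, (f"{package}: installed {installed} is {hint} than pinned "
                   f"{pinned}; recreate the virtualenv before running bandit")


def installed_version(package):
    """Version of `package` in the running interpreter, or None."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_REQUIREMENTS
    ok, message = check_pin(parse_pins(text), "bandit", installed_version("bandit"))
    print(message)
    sys.exit(0 if ok else 1)
```

The check is deliberately an exact match rather than a minimum version: the skip list (`--skip`) and the `--exclude` globs this PR relies on are tied to what a specific bandit release knows about, so a newer local bandit can break the invocation just as an older one did here.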

@zenmonkeykstop (Contributor) left a comment

Test plan passed and only deps change is in develop-requirements.txt, so this is cool to go.

@zenmonkeykstop zenmonkeykstop merged commit 2e513b1 into develop Dec 16, 2020
@rmol rmol deleted the upgrade-bandit branch January 25, 2021 18:39