This repository has been archived by the owner on Sep 13, 2023. It is now read-only.

add bandit, fix vulnerabilities & bump pre-commit-config #444

Merged
merged 6 commits into from
Oct 22, 2022

Conversation

vvssttkk
Contributor

close #61
continue #424

@vvssttkk vvssttkk requested a review from a team October 19, 2022 12:36
@vvssttkk vvssttkk temporarily deployed to external October 19, 2022 12:36 Inactive
@aguschin
Contributor

Thanks! Some failed tests are caused by this PR's changes, some aren't. I'm going to resolve the second and ping you once it's ready. Not sure why the ERRORs though - looks like it's because of this PR's changes, but tests "work on my computer" 🤔

@aguschin aguschin added the good first issue Good for newcomers label Oct 20, 2022
@vvssttkk vvssttkk temporarily deployed to external October 20, 2022 11:35 Inactive
@aguschin
Contributor

@vvssttkk, fixed a few failed tests I was talking about. Please investigate others. E.g. one of the frequent failures I reproduced in 3.7:

tmp %f $ python                                                                                                                                   181ms
Python 3.7.10 (default, Jun 25 2021, 16:52:37)
[Clang 12.0.5 (clang-1205.0.22.11)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> hashlib.md5()
<md5 HASH object @ 0x109a1bdb0>
>>> hashlib.md5(userforsecurity=False)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: openssl_md5() takes no keyword arguments
>>>

@vvssttkk
Contributor Author

> @vvssttkk, fixed a few failed tests I was talking about. Please investigate others. E.g. one of the frequent failures I reproduced in 3.7:
>
> tmp %f $ python                                                                                                                                   181ms
> Python 3.7.10 (default, Jun 25 2021, 16:52:37)
> [Clang 12.0.5 (clang-1205.0.22.11)] on darwin
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import hashlib
> >>> hashlib.md5()
> <md5 HASH object @ 0x109a1bdb0>
> >>> hashlib.md5(userforsecurity=False)
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> TypeError: openssl_md5() takes no keyword arguments
> >>>

But it's usedforsecurity, not userforsecurity. For example:

>>> import hashlib
>>> hashlib.md5()
<md5 _hashlib.HASH object @ 0x7fcc9a3e5670>
>>> hashlib.md5(usedforsecurity=False)
<md5 _hashlib.HASH object @ 0x7fcc9a3e5490>

@vvssttkk vvssttkk temporarily deployed to external October 21, 2022 11:16 Inactive
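
Added example, not part of the thread or the project's code: a version-aware wrapper for the non-security MD5 call discussed above, plus a probe showing which keyword spellings `hashlib.md5` accepts. The `usedforsecurity` keyword was added to `hashlib` constructors in Python 3.9; the names `HAS_USEDFORSECURITY`, `md5_checksum` and `keyword_accepted` are hypothetical.

```python
import hashlib
import sys

# The usedforsecurity keyword exists on hashlib constructors from Python 3.9.
HAS_USEDFORSECURITY = sys.version_info >= (3, 9)


def md5_checksum(data: bytes) -> str:
    """MD5 hex digest for non-security use (cache keys, change detection)."""
    if HAS_USEDFORSECURITY:
        # Declares the intent to static analysers and to FIPS-restricted builds.
        digest = hashlib.md5(data, usedforsecurity=False)
    else:
        # Older interpreters reject the keyword with TypeError, so call
        # without it and suppress the linter finding for this line only.
        digest = hashlib.md5(data)  # nosec - non-security checksum
    return digest.hexdigest()


def keyword_accepted(keyword: str) -> bool:
    """Report whether hashlib.md5 accepts the given keyword argument."""
    try:
        hashlib.md5(**{keyword: False})
    except TypeError:
        return False
    return True


if __name__ == "__main__":
    print(md5_checksum(b"hello"))
    # The misspelled keyword is rejected on every interpreter version.
    print(keyword_accepted("usedforsecurity"), keyword_accepted("userforsecurity"))
```
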
@codecov

codecov bot commented Oct 21, 2022

Codecov Report

Base: 87.62% // Head: 86.83% // Decreases project coverage by -0.79% ⚠️

Coverage data is based on head (8ab0d04) compared to base (d60f3cf).
Patch coverage: 73.17% of modified lines in pull request are covered.

❗ Current head 8ab0d04 differs from pull request most recent head 1ff102e. Consider uploading reports for the commit 1ff102e to get more accurate results

Additional details and impacted files
@@                Coverage Diff                @@
##           release/0.3.0     #444      +/-   ##
=================================================
- Coverage          87.62%   86.83%   -0.80%     
=================================================
  Files                 94       94              
  Lines               7847     7732     -115     
=================================================
- Hits                6876     6714     -162     
- Misses               971     1018      +47     
Impacted Files Coverage Δ
mlem/api/__init__.py 100.00% <ø> (ø)
mlem/cli/apply.py 94.23% <ø> (ø)
mlem/cli/build.py 100.00% <ø> (ø)
mlem/cli/checkenv.py 100.00% <ø> (ø)
mlem/cli/clone.py 100.00% <ø> (ø)
mlem/cli/dev.py 50.00% <ø> (ø)
mlem/cli/import_object.py 100.00% <ø> (ø)
mlem/cli/init.py 100.00% <ø> (ø)
mlem/cli/link.py 100.00% <ø> (ø)
mlem/cli/serve.py 89.47% <ø> (ø)
... and 72 more


@aguschin
Contributor

Nice! Looks like black formatting fails, but everything else works!

@vvssttkk vvssttkk temporarily deployed to external October 21, 2022 17:41 Inactive
@vvssttkk vvssttkk temporarily deployed to external October 22, 2022 10:07 Inactive
@aguschin
Contributor

Great! Thank you @vvssttkk! Merging this! 🚀

@aguschin aguschin merged commit 3930f76 into iterative:release/0.3.0 Oct 22, 2022
@aguschin aguschin added the hacktoberfest-accepted Merged PRs with external contributions label Oct 22, 2022
@mertbozkir

Hello @vvssttkk, how can I get in touch with you? Can you reach me from any platform? We have something for you! 🤓

@vvssttkk
Contributor Author

vvssttkk commented Nov 3, 2022

> Hello @vvssttkk, how can I get in touch with you? Can you reach me from any platform? We have something for you! 🤓

@mertbozkir emailed you back yesterday

@aguschin aguschin mentioned this pull request Nov 9, 2022