[all][gate] Bandit version 1.8.1 issues
Hi Stackers,

I was re-checking some simple Neutron changes and noticed our pep8 job started failing running bandit. Seems there was a new version (1.8.1) just released and it's generating false positives [0].

I filed a bug against it at [1], and for now I'll just work around it by ignoring B106 warnings in Neutron with [2]. Didn't know if we wanted to pin/denylist it while the issue is addressed as I'm assuming other projects will start seeing the same failure.

-Brian

[0] https://bugs.launchpad.net/neutron/+bug/2093849
[1] https://github.com/PyCQA/bandit/issues/1216
[2] https://review.opendev.org/c/openstack/neutron/+/939004
On 1/12/25 5:53 PM, Brian Haley wrote:
Hi Stackers,
I was re-checking some simple Neutron changes and noticed our pep8 job started failing running bandit. Seems there was a new version (1.8.1) just released and it's generating false positives [0].
I filed a bug against it at [1], and for now I'll just work around it by ignoring B106 warnings in Neutron with [2]. Didn't know if we wanted to pin/denylist it while the issue is addressed as I'm assuming other projects will start seeing the same failure.
-Brian

[0] https://bugs.launchpad.net/neutron/+bug/2093849
[1] https://github.com/PyCQA/bandit/issues/1216
[2] https://review.opendev.org/c/openstack/neutron/+/939004
Update: Eric Brown reverted the suspect change with [0] and will push a version 1.8.2 shortly. Still not sure if we should tag 1.8.1 as bad.

-Brian

[0] https://github.com/PyCQA/bandit/pull/1217
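For readers who have not looked at what B106 actually inspects, here is an added illustration (not bandit's own code, and not part of this thread or of the Neutron change): a small AST walk that mimics the shape of bandit's hardcoded_password_funcarg test, flagging calls that pass a string literal to a keyword argument whose name looks like a credential, and honouring an inline `# nosec B106` marker. The credential-name pattern and the sample module are assumptions made for this example; bandit's real candidate list and line handling differ, which is exactly why a release can change what gets flagged.

```python
"""Stand-in for what bandit's B106 (hardcoded_password_funcarg) looks for.

Added illustration; not bandit's code and not Neutron's. The name pattern
below is an assumption made for this example, not bandit's actual regex.
"""
import ast
import re

TEST_ID = "B106"

# Assumed credential-name heuristic (not bandit's actual pattern).
CREDENTIAL_KW = re.compile(r"pass(word|wd)?|secret|token", re.IGNORECASE)

# '# nosec' alone suppresses everything; '# nosec B106,B107' only those IDs.
NOSEC = re.compile(r"#\s*nosec\b(?:[:\s]+(?P<ids>[\w,\s]+))?")


def nosec_covers(line: str, test_id: str = TEST_ID) -> bool:
    """True if `line` carries a nosec marker that silences `test_id`."""
    match = NOSEC.search(line)
    if not match:
        return False
    ids = match.group("ids")
    if not ids or not ids.strip():
        return True  # bare '# nosec'
    return test_id in {i for i in re.split(r"[,\s]+", ids.strip()) if i}


def find_b106(source: str, test_id: str = TEST_ID) -> list:
    """Return (lineno, keyword, literal) for every un-suppressed finding."""
    lines = source.splitlines()
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg is None:
                continue  # **kwargs expansion; nothing to inspect statically
            value = kw.value
            # Only string literals count: variables, None, env lookups do not.
            if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
                continue
            if not CREDENTIAL_KW.search(kw.arg):
                continue
            # Look for the marker on the line holding the literal itself.
            if nosec_covers(lines[value.lineno - 1], test_id):
                continue
            findings.append((value.lineno, kw.arg, value.value))
    return findings


# Constructed sample module; it is only parsed, never executed.
SAMPLE = '''\
import os

def login(session):
    session.auth(user="admin", password="hunter2")
    session.auth(user="admin", password=os.environ["PW"])
    connect(token="dummy-for-tests")  # nosec B106
    connect(api_key=None)
'''

if __name__ == "__main__":
    for lineno, keyword, literal in find_b106(SAMPLE):
        print(f"{TEST_ID} line {lineno}: {keyword}={literal!r}")
```

Only the `password="hunter2"` call is reported: the environment lookup is not a literal, the test token is silenced by its `# nosec B106` marker, and `api_key=None` carries no string. With bandit itself, the workaround the thread describes is done at the project level by skipping the test ID (`bandit -s B106 ...`, or the skips setting in the project's bandit configuration), or per line with `# nosec B106`; a skip hides real findings of that test too, so it is worth revisiting once the fixed release is in use.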