Rework GitPython dependency to be an extra for bandit-baseline #1099
Commits on Jan 21, 2024
-
Rework GitPython dependency to be an extra for bandit-baseline
The only piece of code that requires GitPython is bandit-baseline. There tends to be an abundance of CVEs in the GitPython library due to its dependency on Git. By making GitPython optional via an extra, users who mostly use just the bandit command line and not bandit-baseline can benefit. However, this will require different install if a user wants to use bandit-baseline. This is now noted in the Getting Started doc, but you simply do: pip install bandit[GitPython] FYI, this option was suggested in PR PyCQA#976. PyCQA#976 Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.