Make use of rich for progress bar

[ericwb]

The module rich has an excellent and versatile implementation of a
progress bar for Python code. Bandit has an existing custom progress
indicator.

This change makes use of rich for a more visually pleasing progress
bar and more informational by including metrics.

The down side is that this does add another dependency. But I
think it can be useful in the future when implementing multi-process
processing of source code since rich is well adapted for that.

https://github.com/Textualize/rich

Signed-off-by: Eric Brown browne@vmware.com

[sigmavirus24]

For things like this, I've found that rich provides more flexibility and a better UX. I used tqdm in twine and it worked great but we switched to Rich and I've used it on a bunch of projects. It's far nicer and would give us other nice formatting features

[georgthegreat]

rich python package

Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal

This looks like an extreme overkill for rendering a simple progress bar.
The dependency tree for bandit 1.7.5 would be dramatically larger if one could be installed (at the time I am unable to get it work).

Are you sure that replacing a progress bar with a nicer one that necessary?

[georgthegreat]

pipdeptree for bandit 1.7.4 was

$ pipdeptree
bandit==1.7.4
  - GitPython [required: >=1.0.1, installed: 3.1.31]
    - gitdb [required: >=4.0.1,<5, installed: 4.0.10]
      - smmap [required: >=3.0.1,<6, installed: 5.0.0]
  - PyYAML [required: >=5.3.1, installed: 6.0]
  - stevedore [required: >=1.20.0, installed: 5.0.0]
    - pbr [required: >=2.0.0,!=2.1.0, installed: 5.11.1]
pip==23.0.1
pipdeptree==2.7.0
pkg-resources==0.0.0
setuptools==44.0.0

for bandit 1.7.5 it shows

$ pipdeptree
bandit==1.7.5
  - GitPython [required: >=1.0.1, installed: 3.1.31]
    - gitdb [required: >=4.0.1,<5, installed: 4.0.10]
      - smmap [required: >=3.0.1,<6, installed: 5.0.0]
  - PyYAML [required: >=5.3.1, installed: 6.0]
  - rich [required: Any, installed: 13.3.4]
    - markdown-it-py [required: >=2.2.0,<3.0.0, installed: 2.2.0]
      - mdurl [required: ~=0.1, installed: 0.1.2]
    - pygments [required: >=2.13.0,<3.0.0, installed: 2.15.1]
    - typing-extensions [required: >=4.0.0,<5.0, installed: 4.5.0]
  - stevedore [required: >=1.20.0, installed: 5.0.0]
    - pbr [required: >=2.0.0,!=2.1.0, installed: 5.11.1]
pip==23.1
pipdeptree==2.7.0
pkg-resources==0.0.0
setuptools==44.0.0

[georgthegreat]

venv weights 11.1 megabytes (~40%) more with the new version of bandit.

[sigmavirus24]

Start with something small (a progress bar) and then enrich the rest of the experience. Yes it's worth it