New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[flake8-bandit
]: Implement deny-list rules for suspicious member calls
#3239
Conversation
@colin99d - Na we need to tackle severities more holistically, I think. We could consider adding a severity level for all of Bandit...? |
Since AFAIK all Bandit rules have some notion of severity. |
I think adding severity into this rule, and then eventually to all the other ones slowly makes a lot of sense. Then we can just make a bandit-wide (and maybe eventually have this work with other rule sets) rule. |
@charliermarsh, ready! |
Do we inherit this name from |
Agreed. Even if it's inconsistent with Bandit, we should still change it. (I believe we've done that in the past.) |
flake8-bandit
]: blacklist_callsflake8-bandit
]: denylist_calls
98a0816
to
6c2d430
Compare
PR Check ResultsEcosystemℹ️ ecosystem check detected changes. (+135, -0, 0 error(s)) airflow (+64, -0)
+ airflow/cli/commands/standalone_command.py:194:17: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/cli/commands/user_command.py:73:32: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/example_dags/example_branch_operator.py:46:33: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/example_dags/example_branch_operator_decorator.py:44:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/models/xcom.py:654:24: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ airflow/models/xcom.py:661:24: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ airflow/providers/amazon/aws/hooks/base_aws.py:303:15: S320 Using `xml` to parse untrusted data is known to be vulnerable to XML attacks; use `defusedxml` equivalents
+ airflow/providers/amazon/aws/hooks/batch_client.py:481:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/amazon/aws/hooks/batch_client.py:498:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/amazon/aws/hooks/batch_client.py:546:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/amazon/aws/operators/datasync.py:274:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/amazon/aws/operators/datasync.py:288:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/ftp/hooks/ftp.py:292:25: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ airflow/providers/ftp/hooks/ftp.py:62:25: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ airflow/providers/google/cloud/hooks/cloud_sql.py:848:39: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/google/cloud/hooks/mlengine.py:68:34: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/google/cloud/hooks/mlengine.py:74:38: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ airflow/providers/google/cloud/utils/mlengine_prediction_summary.py:188:17: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ airflow/providers/google/marketing_platform/operators/display_video.py:291:18: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ airflow/utils/strings.py:26:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ dev/breeze/src/airflow_breeze/utils/docker_command_utils.py:395:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ dev/breeze/src/airflow_breeze/utils/kubernetes_utils.py:423:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ dev/breeze/src/airflow_breeze/utils/kubernetes_utils.py:95:13: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ dev/provider_packages/prepare_provider_packages.py:1198:16: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ dev/stats/get_important_pr_candidates.py:371:24: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ scripts/ci/testing/summarize_junit_failures.py:79:12: S314 Using `xml` to parse untrusted data is known to be vulnerable to XML attacks; use `defusedxml` equivalents
+ scripts/in_container/check_junitxml_result.py:31:20: S314 Using `xml` to parse untrusted data is known to be vulnerable to XML attacks; use `defusedxml` equivalents
+ tests/api/client/test_local_client.py:213:29: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/api/common/experimental/test_pool.py:97:29: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/executors/test_kubernetes_executor.py:64:30: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/models/test_cleartasks.py:412:26: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/models/test_dag.py:1602:16: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/models/test_taskinstance.py:3693:17: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/providers/cncf/kubernetes/decorators/test_kubernetes.py:107:21: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/providers/cncf/kubernetes/decorators/test_kubernetes.py:156:21: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/providers/cncf/kubernetes/decorators/test_kubernetes.py:83:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/docker/decorators/test_docker.py:37:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/docker/decorators/test_docker.py:52:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/elasticsearch/log/elasticmock/utilities/__init__.py:51:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/ftp/sensors/test_ftp.py:35:13: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/providers/ftp/sensors/test_ftp.py:36:13: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/providers/ftp/sensors/test_ftp.py:37:13: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/providers/ftp/sensors/test_ftp.py:50:82: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/providers/ftp/sensors/test_ftp.py:63:82: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/providers/ftp/sensors/test_ftp.py:79:13: S321 FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
+ tests/providers/google/cloud/secrets/test_secret_manager_system.py:35:38: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/google/cloud/secrets/test_secret_manager_system.py:56:38: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/oracle/operators/test_oracle.py:92:34: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/ssh/hooks/test_ssh.py:80:22: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/providers/ssh/operators/test_ssh.py:219:25: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/serialization/test_dag_serialization.py:2337:15: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/serialization/test_dag_serialization.py:2421:15: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/system/providers/google/cloud/dataplex/resources/spark_example_pi.py:36:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/system/providers/google/cloud/dataplex/resources/spark_example_pi.py:37:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/system/providers/google/cloud/tasks/example_queue.py:72:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/system/providers/google/cloud/tasks/example_tasks.py:84:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/system/providers/qubole/example_qubole.py:107:83: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/test_utils/azure_system_helpers.py:149:31: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/test_utils/get_all_tests.py:52:12: S314 Using `xml` to parse untrusted data is known to be vulnerable to XML attacks; use `defusedxml` equivalents
+ tests/test_utils/perf/perf_kit/repeat_and_time.py:121:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/test_utils/perf/perf_kit/repeat_and_time.py:122:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tests/utils/test_sqlalchemy.py:274:16: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/utils/test_sqlalchemy.py:275:16: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ tests/utils/test_sqlalchemy.py:308:20: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue bokeh (+12, -0)
+ examples/interaction/js_callbacks/customjs_for_selection.py:22:6: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/interaction/js_callbacks/customjs_for_selection.py:23:6: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/interaction/js_callbacks/customjs_lasso_mean.py:6:6: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/interaction/js_callbacks/customjs_lasso_mean.py:7:6: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/interaction/linking/linked_crosshair.py:7:6: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/interaction/linking/linked_crosshair.py:8:6: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/interaction/widgets/data_table.py:9:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ release/util.py:25:16: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ src/bokeh/sampledata/us_counties.py:97:19: S314 Using `xml` to parse untrusted data is known to be vulnerable to XML attacks; use `defusedxml` equivalents
+ src/bokeh/sampledata/us_states.py:95:19: S314 Using `xml` to parse untrusted data is known to be vulnerable to XML attacks; use `defusedxml` equivalents
+ src/bokeh/util/sampledata.py:185:11: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ tests/support/plugins/file_server.py:113:13: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected. disnake (+4, -0)
+ examples/basic_bot.py:36:28: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/basic_bot.py:43:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/custom_context.py:47:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ examples/guessing_game.py:25:14: S311 Standard pseudo-random generators are not suitable for cryptographic purposes zulip (+55, -0)
+ analytics/lib/fixtures.py:47:30: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ analytics/lib/fixtures.py:53:21: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ corporate/tests/test_stripe.py:3639:46: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ scripts/lib/puppet_cache.py:67:10: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ scripts/lib/puppet_cache.py:81:14: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ scripts/lib/zulip_tools.py:51:44: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ tools/droplets/create.py:49:20: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ tools/droplets/create.py:63:20: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ tools/droplets/create.py:82:20: S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+ zerver/data_import/import_util.py:205:39: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/data_import/mattermost.py:345:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/data_import/rocketchat.py:408:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/data_import/slack.py:1107:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:163:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:164:11: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:173:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:181:13: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:28:23: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:36:28: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:44:8: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/generate_test_data.py:51:12: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/singleton_bmemcached.py:10:33: S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ zerver/lib/templates.py:175:16: S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+ zerver/lib/templates.py:177:12: S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+ zerver/lib/test_runner.py:33:29: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/lib/upload/local.py:77:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/tests/test_subs.py:3738:42: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/tornado/event_queue.py:265:46: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/views/documentation.py:214:61: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zerver/views/video_calls.py:178:25: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1054:26: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1072:19: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1075:17: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1089:53: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1095:30: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1099:53: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1102:25: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1112:30: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1115:31: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1186:25: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1191:30: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:1238:22: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:477:25: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:479:20: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:480:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:481:44: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:483:44: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:484:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:485:42: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:487:44: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:814:67: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:921:41: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:924:24: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:925:46: S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+ zilencer/management/commands/populate_db.py:958:59: S311 Standard pseudo-random generators are not suitable for cryptographic purposes BenchmarkLinux
Windows
|
359b5c1
to
5b29182
Compare
5b29182
to
be4cad9
Compare
flake8-bandit
]: denylist_callsflake8-bandit
]: Implement deny-list rules for suspicious member calls
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ruff](https://togithub.com/charliermarsh/ruff) | `^0.0.257` -> `^0.0.258` | [![age](https://badges.renovateapi.com/packages/pypi/ruff/0.0.258/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/ruff/0.0.258/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/ruff/0.0.258/compatibility-slim/0.0.257)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/ruff/0.0.258/confidence-slim/0.0.257)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>charliermarsh/ruff</summary> ### [`v0.0.258`](https://togithub.com/charliermarsh/ruff/releases/tag/v0.0.258) [Compare Source](https://togithub.com/charliermarsh/ruff/compare/v0.0.257...v0.0.258) <!-- Release notes generated using configuration in .github/release.yml at main --> #### What's Changed ##### Rules - \[`flake8-comprehensions`] Update `C416` with dict comprehension (autofixable) by [@​dhruvmanila](https://togithub.com/dhruvmanila) in [astral-sh/ruff#3605 - \[`pylint`]: Implement `assert-on-string-literal` (`W0129`) by [@​latonis](https://togithub.com/latonis) in [astral-sh/ruff#3610 - \[`pyupgrade`] Convert single-argument %-style format calls by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3600 - \[`pyupgrade`] Flag PEP 585 and PEP 604 violations in quoted annotations by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3593 - \[`pyupgrade`] Enable autofix for annotations within 'simple' string literals by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3657 - \[`pyflakes`] Add autofix functionality for `F523` ([#​3613](https://togithub.com/charliermarsh/ruff/issues/3613)) by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3613 - \[`flake8-bandit`]: Implement deny-list rules for suspicious member calls by [@​colin99d](https://togithub.com/colin99d) in [astral-sh/ruff#3239 - \[`flake8-annotations`] Add autofix for `ANN204` with magic methods by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3633 - \[`pylint`] Implement `binary-op-exception` (`PLW0711`) by [@​latonis](https://togithub.com/latonis) in [astral-sh/ruff#3639 - \[`flake8-django`]: Implement rule DJ012 by [@​dhruvmanila](https://togithub.com/dhruvmanila) in [astral-sh/ruff#3659 ##### Bug Fixes - Check exclusions prior to resolving `pyproject.toml` files by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3588 - Fix D417 false positive by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3596 - Avoid removing comment hash for noqa's with trailing content by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3589 - Avoid panics for implicitly-concatenated docstrings by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3584 - Fix infinite loop due to rules `D207` & `W605` by [@​vlindhol](https://togithub.com/vlindhol) in [astral-sh/ruff#3609 - Avoid trimming escaped whitespace in D210 by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3635 - Handle `UP032` autofix with adjacent keywords by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3636 - Consider same-site fixes to be overlapping by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3638 - Avoid `RUF007` fixes for more than two arguments by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3654 - Allow `pairwise` diagnostics for `zip(..., strict=True)` by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3669 - isort: fix bad interaction between `force-sort-within-sections` and `force-to-top` by [@​bluetech](https://togithub.com/bluetech) in [astral-sh/ruff#3645 - Gracefully handle lint panics by [@​MichaReiser](https://togithub.com/MichaReiser) in [astral-sh/ruff#3509 - Fix TRY300 false positive by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3634 - Avoid raising PEP 604 errors with forward-referenced members by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3640 - Avoid attempting infinite `open` fix with re-bound builtin by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3650 - Check indentation level when executing E231 by [@​kyoto7250](https://togithub.com/kyoto7250) in [astral-sh/ruff#3668 - Flag, but don't fix, unused imports (`F401`) in `ModuleNotFoundError` blocks by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3658 #### New Contributors - [@​Rogdham](https://togithub.com/Rogdham) made their first contribution in [astral-sh/ruff#3607 - [@​vlindhol](https://togithub.com/vlindhol) made their first contribution in [astral-sh/ruff#3609 - [@​dhruvmanila](https://togithub.com/dhruvmanila) made their first contribution in [astral-sh/ruff#3605 - [@​luke396](https://togithub.com/luke396) made their first contribution in [astral-sh/ruff#3604 - [@​fuziontech](https://togithub.com/fuziontech) made their first contribution in [astral-sh/ruff#3641 **Full Changelog**: astral-sh/ruff@v0.0.257...v0.0.258 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/ixm-one/pytest-cmake-presets). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNy4xIiwidXBkYXRlZEluVmVyIjoiMzUuMTcuMSJ9--> Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ruff](https://togithub.com/charliermarsh/ruff) | `==0.0.257` -> `==0.0.259` | [![age](https://badges.renovateapi.com/packages/pypi/ruff/0.0.259/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/ruff/0.0.259/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/ruff/0.0.259/compatibility-slim/0.0.257)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/ruff/0.0.259/confidence-slim/0.0.257)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>charliermarsh/ruff</summary> ### [`v0.0.259`](https://togithub.com/charliermarsh/ruff/releases/tag/v0.0.259) [Compare Source](https://togithub.com/charliermarsh/ruff/compare/v0.0.258...v0.0.259) <!-- Release notes generated using configuration in .github/release.yml at main --> #### Summary Follow-up release to `v0.0.258` to fix an issue related to rule resolution via `select` and `ignore`. #### What's Changed ##### Bug Fixes - Fix RuleSet.remove by [@​MichaReiser](https://togithub.com/MichaReiser) in [astral-sh/ruff#3685 - Respect all rule-exemption sources when suppressing parser errors by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3665 - Avoid nested loops in `missing_whitespace` by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3688 **Full Changelog**: astral-sh/ruff@v0.0.258...v0.0.259 ### [`v0.0.258`](https://togithub.com/charliermarsh/ruff/releases/tag/v0.0.258) [Compare Source](https://togithub.com/charliermarsh/ruff/compare/v0.0.257...v0.0.258) <!-- Release notes generated using configuration in .github/release.yml at main --> #### What's Changed ##### Rules - \[`flake8-comprehensions`] Update `C416` with dict comprehension (autofixable) by [@​dhruvmanila](https://togithub.com/dhruvmanila) in [astral-sh/ruff#3605 - \[`pylint`]: Implement `assert-on-string-literal` (`W0129`) by [@​latonis](https://togithub.com/latonis) in [astral-sh/ruff#3610 - \[`pyupgrade`] Convert single-argument %-style format calls by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3600 - \[`pyupgrade`] Flag PEP 585 and PEP 604 violations in quoted annotations by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3593 - \[`pyupgrade`] Enable autofix for annotations within 'simple' string literals by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3657 - \[`pyflakes`] Add autofix functionality for `F523` ([#​3613](https://togithub.com/charliermarsh/ruff/issues/3613)) by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3613 - \[`flake8-bandit`]: Implement deny-list rules for suspicious member calls by [@​colin99d](https://togithub.com/colin99d) in [astral-sh/ruff#3239 - \[`flake8-annotations`] Add autofix for `ANN204` with magic methods by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3633 - \[`pylint`] Implement `binary-op-exception` (`PLW0711`) by [@​latonis](https://togithub.com/latonis) in [astral-sh/ruff#3639 - \[`flake8-django`]: Implement rule DJ012 by [@​dhruvmanila](https://togithub.com/dhruvmanila) in [astral-sh/ruff#3659 ##### Bug Fixes - Check exclusions prior to resolving `pyproject.toml` files by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3588 - Fix D417 false positive by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3596 - Avoid removing comment hash for noqa's with trailing content by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3589 - Avoid panics for implicitly-concatenated docstrings by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3584 - Fix infinite loop due to rules `D207` & `W605` by [@​vlindhol](https://togithub.com/vlindhol) in [astral-sh/ruff#3609 - Avoid trimming escaped whitespace in D210 by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3635 - Handle `UP032` autofix with adjacent keywords by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3636 - Consider same-site fixes to be overlapping by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3638 - Avoid `RUF007` fixes for more than two arguments by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3654 - Allow `pairwise` diagnostics for `zip(..., strict=True)` by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3669 - isort: fix bad interaction between `force-sort-within-sections` and `force-to-top` by [@​bluetech](https://togithub.com/bluetech) in [astral-sh/ruff#3645 - Gracefully handle lint panics by [@​MichaReiser](https://togithub.com/MichaReiser) in [astral-sh/ruff#3509 - Fix TRY300 false positive by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [astral-sh/ruff#3634 - Avoid raising PEP 604 errors with forward-referenced members by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3640 - Avoid attempting infinite `open` fix with re-bound builtin by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3650 - Check indentation level when executing E231 by [@​kyoto7250](https://togithub.com/kyoto7250) in [astral-sh/ruff#3668 - Flag, but don't fix, unused imports (`F401`) in `ModuleNotFoundError` blocks by [@​charliermarsh](https://togithub.com/charliermarsh) in [astral-sh/ruff#3658 #### New Contributors - [@​Rogdham](https://togithub.com/Rogdham) made their first contribution in [astral-sh/ruff#3607 - [@​vlindhol](https://togithub.com/vlindhol) made their first contribution in [astral-sh/ruff#3609 - [@​dhruvmanila](https://togithub.com/dhruvmanila) made their first contribution in [astral-sh/ruff#3605 - [@​luke396](https://togithub.com/luke396) made their first contribution in [astral-sh/ruff#3604 - [@​fuziontech](https://togithub.com/fuziontech) made their first contribution in [astral-sh/ruff#3641 **Full Changelog**: astral-sh/ruff@v0.0.257...v0.0.258 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/allenporter/flux-local). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNC4yIiwidXBkYXRlZEluVmVyIjoiMzUuMTQuMiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ref: #1646
@charliermarsh the different violations have different severities. Would you like me to add a setting that lets users only see errors above a certain severity?