* Remove bandit
* Add ruff ruleset "flake8-bandit"
* verify_release is now checked by bandit
* Avoid some asserts as suggested
* ignore a subprocess.run lint: it seems dumb
* ignore all bandit rules for tests and examples (just like before)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
- adopt changes in dependabot.yml and remove --diff from ruff check.
- select pydocstyle, isort, pyflakes, pep8-naming, pycodestyle for ruff and ignore some small issues / add inline comments.
- adjust docstring length to 80 in various files
Signed-off-by: E3E <ntanzill@purdue.edu>
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
* critical python build/release deps
* python test and lint deps (only pinned for test repro)
* all other python dependencies
* All github action dependencies
This is not quite the division that was hashed out in #2014, mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
  don't really need further groups:
  * Non-security-relevant actions are pinned by tags
  * Other actions are pinned by hash
* The dependency grouping is quite limited
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
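The four-group weekly layout described in the commit above, written out as a dependabot.yml. This is an added illustration, not the repository's own file: the group names and the package patterns placed in each group are assumptions.

```yaml
# Added example of the weekly, four-group Dependabot layout described above.
# Group names and package patterns are assumptions, not the project's config.
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      # Group 1: critical build/release dependencies (assumed package names).
      build-and-release:
        patterns:
          - "build"
          - "twine"
      # Group 2: test and lint dependencies, pinned only for test reproducibility.
      test-and-lint:
        patterns:
          - "ruff"
          - "coverage"
          - "tox"
      # Group 3: everything else in the pinned requirements. The catch-all
      # excludes the names already claimed by groups 1 and 2.
      other-python:
        patterns:
          - "*"
        exclude-patterns:
          - "build"
          - "twine"
          - "ruff"
          - "coverage"
          - "tox"

  # Group 4: every GitHub Action in a single weekly update. Whether an action
  # is referenced by tag or by commit hash is decided in the workflow files;
  # Dependabot bumps both kinds, so no further grouping is needed here.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      github-actions:
        patterns:
          - "*"
```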
- Drop Python 2.7 from GitHub Actions workflows. Note: There is likely
additional cleanup that can be done to the workflow now we no longer
care about supporting Python 2.7.
- No longer tell dependabot to ignore idna updates.
Signed-off-by: Joshua Lock <jlock@vmware.com>
New releases of the transitive (via 'requests') dependency 'idna'
break Python 2.7 builds. To fix this we configure dependabot to not
bump 'idna' in requirements-pinned.txt, which lists and
auto-updates all immediate and transitive dependencies for CI/CD
testing.
An alternative would be to add and restrict 'idna' in
'requirements.txt' but this is less preferable because
'requirements.txt' should only have direct dependencies.
For consulted dependabot config docs see:
https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-and-disabling-version-updates#disabling-dependabot-version-updates
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>