Use versioned links to docs #819
Merged
| import bandit | ||
|
|
||
|
|
||
| BASE_URL = "https://bandit.readthedocs.io/" |
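Review bot: the `BASE_URL` line at the end of this excerpt is a bare docs root with no version segment, while `import bandit` appears above it at the same level. If the version is going to be appended, do that where the URL is assembled rather than in this constant, so nothing reads attributes of `bandit` while this module is still being imported. A short comment on `BASE_URL` saying it is intentionally unversioned would also help.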
Member
Why not do something like:
BASE_URL = f"https://bandit.readthedocs.io/en/{bandit.__version__}/"
And then keep the rest of the code simpler?
Member
Author
Makes sense, will change it.
Member
Author
Hmm, not sure why, but using bandit.version as a global here causes stevedore to fail to load any extensions.
Member
Author
I added a failure callback to the extension loader of Stevedore and get this
module 'bandit' has no attribute '__version__'
So the root cause is that because BASE_URL is a global and calls into the bandit module before it has been loaded, there is no such attribute.
Member
Author
Think I can fix a few ways:
- revert to previous change
- move BASE_URL into the get_url() function. Seems BASE_URL is only global for the unit test purposes
- use pbr.version.VersionInfo("bandit").version_string() instead of bandit.version
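The import-order failure diagnosed in the comments above, reproduced as an added example (not code from this PR or from Bandit). It assumes a constructed package `demo_pkg` whose `__init__` imports a submodule before setting `__version__`, and a placeholder docs URL. It compares a module-level `BASE_URL` with a lookup moved inside `get_url()`.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-in package (hypothetical name "demo_pkg"): its __init__
# imports the submodule *before* __version__ is assigned.
INIT = """
from demo_pkg import docs   # docs.py executes while demo_pkg is half-initialised
__version__ = "1.2.3"
"""
EAGER = """
import demo_pkg
BASE_URL = f"https://docs.example.invalid/en/{demo_pkg.__version__}/"  # read at import
def get_url(bid):
    return BASE_URL + bid
"""
LAZY = """
import demo_pkg
def get_url(bid):
    # version is looked up at call time, after demo_pkg has finished importing
    return f"https://docs.example.invalid/en/{demo_pkg.__version__}/" + bid
"""

def try_import(submodule_source):
    """Write demo_pkg to a temp dir, import it, return (error_text, url)."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "demo_pkg"
        pkg.mkdir()
        (pkg / "__init__.py").write_text(INIT)
        (pkg / "docs.py").write_text(submodule_source)
        sys.path.insert(0, tmp)
        importlib.invalidate_caches()
        try:
            mod = importlib.import_module("demo_pkg.docs")
            return None, mod.get_url("b101")
        except AttributeError as exc:
            return str(exc), None
        finally:
            sys.path.remove(tmp)
            # Drop any cached copies so the next variant is imported fresh.
            for name in [m for m in sys.modules if m.split(".")[0] == "demo_pkg"]:
                del sys.modules[name]

if __name__ == "__main__":
    print("eager:", try_import(EAGER))
    print("lazy: ", try_import(LAZY))
```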
sigmavirus24 approved these changes Feb 21, 2022
In the report of a Bandit run, there are links to the docs as part of the more information. Today, these links are always to the latest docs. So depending on the version of Bandit you're running, these links could contain inaccurate information for that version.

That's why this change makes it so a specific version of Bandit is pinned to refer to a specific version of documentation.

Signed-off-by: Eric Brown <browne@vmware.com>