Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wemake has 80 chars hard limit, not 79 #2241

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

Copy link

codecov bot commented Feb 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.15%. Comparing base (7de1829) to head (b553962).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2241   +/-   ##
=======================================
  Coverage   99.15%   99.15%           
=======================================
  Files          39       39           
  Lines        3091     3091           
  Branches      748      748           
=======================================
  Hits         3065     3065           
  Misses         15       15           
  Partials       11       11           

@sobolevn
Copy link
Member Author

Lint failure is unrelated:

 +==============================================================================+
 VULNERABILITIES FOUND 
+==============================================================================+

-> Vulnerability found in bandit version 1.7.6
   Vulnerability ID: 64484
   Affected spec: <1.7.7
   ADVISORY: Bandit 1.7.7 identifies the str.replace method as a
   potential risk for SQL injection because it can be misused in constructing...
   PVE-2024-64484
   For more information, please visit
   https://data.safetycli.com/v/64484/f17


-> Vulnerability found in mkdocs-material version 8.5.4
   Vulnerability ID: 59587
   This vulnerability is being ignored.
   For more information, please visit
   https://data.safetycli.com/v/59587/f17


-> Vulnerability found in py version 1.11.0
   Vulnerability ID: 51457
   This vulnerability is being ignored.
   For more information, please visit
   https://data.safetycli.com/v/51457/f17

 Scan was completed. 1 vulnerability was found. 2 vulnerabilities from 2 
 packages were ignored. 

@sobolevn
Copy link
Member Author

After fixing it, wemake-python-styleguide builds work once again: wemake-services/wemake-python-styleguide#2864 🎉 👍

@sobolevn
Copy link
Member Author

sobolevn commented Mar 4, 2024

@staticdev friendly ping :)

@sobolevn
Copy link
Member Author

@timothycrosley looks like this project needs an extra pair of eyes :)
I can volunteer to do some review and maintaince work for isort.
I know a thing or two about Python

My email is in my profile, just in case.

@sobolevn

This comment was marked as spam.

sobolevn added a commit to sobolevn/isort that referenced this pull request Apr 14, 2024
It is a dev-dependency and there's no real vulnerability.
This is why a job in my CI fails: PyCQA#2241

Link to CVE: https://data.safetycli.com/v/64484/f17

Or you can bump `bandit` to 1.7.8: https://pypi.org/project/bandit/1.7.8/
@sobolevn
Copy link
Member Author

@sigmavirus24 is there anything I can do to help fixing this? It affects all my projects and lots of my users. There was no reaction from isort team for half a year. I want to escalate this to PyCQA, because I still receive bug reports about this issue in my own projects :(

@sigmavirus24
Copy link
Member

@sobolevn PyCQA is a loose aggregation of projects. I provide the administration of the org & teams to help facilitate things for folks, but I don't take over projects or merge things unless asked to help by the owners/maintainers.

In other words, I won't provide review on this, approve it, merge it, etc. And I will not arbitrarily add you to the team to maintain this. Even if I did, I cannot add you to the package on PyPI in order to release it (assuming release automation isn't already present on this repository).

@sobolevn
Copy link
Member Author

Thanks for the quick feedback! It is totally reasonable. I was not asking for any of these actions from you, just letting you know: isort is very popular and it is sad that it is currently lacking attention.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants