tylerwince/flake8-bandit

ConfigFileFinder is removed from flake8

wyuenho opened this issue · 7 comments

from flake8.options.config import ConfigFileFinder

This flake8 commit removed it.

There are a few things from flake8's head that I need, but I'd also like to use flake8-bandit, so this is a bit of a pickle for me.

Now flake8-bandit does not work anymore with the latest release of flake8 (5.0.0). It will throw:

ImportError: cannot import name 'ConfigFileFinder' from 'flake8.options.config'

I believe bandit is best used by itself now since it has its own configuration lookup algorithm. It's either this or fix this plugin to use bandit's configuration lookup routine instead.

Created PR #35 to attempt to address this issue.

scop commented

Thanks. I see some 4.x versions have been tagged here, but PyPI is still at 3.0.0. Any ETA for an update over there?

I am now successfully using bandit directly in my projects. Recommend the same. E.g. staticdev/human-readable#412

@scop once #39 is merged and v4.1.1 is tagged, PyPI should get the new release automagically.

@scop the CI bug was fixed and 4.1.1 was pushed to PyPI earlier today.