PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Latest version of rich doesn't work #1179

Closed jccastillocano closed 1 month ago

jccastillocano commented 1 month ago

Describe the bug

Since the rich dependency in requirements.txt is not pinned, it tries to pull the latest https://github.com/Textualize/rich/releases/tag/v13.9.0 version, which has a bug (see trace below):

```
Traceback (most recent call last):
  File "/Users/jcastillocano/git/bandit/.venv/bin/bandit", line 5, in <module>
    from bandit.cli.main import main
  File "/Users/jcastillocano/git/bandit/.venv/lib/python3.9/site-packages/bandit/__init__.py", line 7, in <module>
    from bandit.core import config  # noqa
  File "/Users/jcastillocano/git/bandit/.venv/lib/python3.9/site-packages/bandit/core/__init__.py", line 7, in <module>
    from bandit.core import manager  # noqa
  File "/Users/jcastillocano/git/bandit/.venv/lib/python3.9/site-packages/bandit/core/manager.py", line 16, in <module>
    from rich import progress
  File "/Users/jcastillocano/git/bandit/.venv/lib/python3.9/site-packages/rich/progress.py", line 45, in <module>
    from typing_extensions import Self  # pragma: no cover
ModuleNotFoundError: No module named 'typing_extensions'
```

Reproduction steps

1. `virtualenv .venv -p python3.9`
2. `. .venv/bin/activate`
3. `pip install bandit==1.9.0`
4. `.venv/bin/bandit --help`

Expected behavior

```
.venv/bin/bandit --help
usage: bandit [-h] [-r] [-a {file,vuln}] [-n CONTEXT_LINES] [-c CONFIG_FILE] [-p PROFILE] [-t TESTS] [-s SKIPS] [-l | --severity-level {all,low,medium,high}] [-i | --confidence-level {all,low,medium,high}] [-f {csv,custom,html,json,screen,txt,xml,yaml}]
              [--msg-template MSG_TEMPLATE] [-o [OUTPUT_FILE]] [-v] [-d] [-q] [--ignore-nosec] [-x EXCLUDED_PATHS] [-b BASELINE] [--ini INI_PATH] [--exit-zero] [--version]
              [targets ...]

Bandit - a Python source code security analyzer
...
```

Bandit version

1.7.9 (Default)

Python version

3.9

Additional context

It gets fixed when installing the previous rich version with `pip install rich==13.8.1`.
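The root cause above is an open-ended dependency pulling a freshly released version. As an added example (not code from the issue or from the bandit project), here is a small stdlib-only check that parses a requirements file and reports every entry with no upper version bound, which is what lets a new release of `rich` slip in unnoticed. The requirements content is constructed for illustration and is not bandit's real file.

```python
import re
from typing import List, Tuple

# Rough "name[extras] specifier ; marker  # comment" matcher for typical
# requirements.txt lines. It is not a full PEP 508 parser.
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\[[^\]]*\])?\s*"
    r"(?P<spec>[^;#]*?)\s*"
    r"(?:;(?P<marker>[^#]*))?\s*(?:#.*)?$"
)


def parse_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Return (name, specifier, marker) per requirement line.

    Blank lines, comments, pip options (-r, --index-url, ...) and URL
    requirements are skipped; names are normalised to lower case.
    """
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")) or "://" in line:
            continue
        m = _REQ_RE.match(line)
        if m:
            out.append((m.group("name").lower(), m.group("spec").strip(),
                        (m.group("marker") or "").strip()))
    return out


def has_upper_bound(spec: str) -> bool:
    """True if any clause caps the version: ==, ===, <, <= or ~=."""
    return any(p.strip().startswith(("==", "<", "~=")) for p in spec.split(","))


def open_ended_requirements(text: str) -> List[str]:
    """Names whose specifier (or lack of one) allows any future release."""
    return [name for name, spec, _ in parse_requirements(text)
            if not has_upper_bound(spec)]


# Constructed sample: rich is unconstrained, colorama has only a floor.
SAMPLE_REQUIREMENTS = """\
# constructed example, not the project's real requirements.txt
PyYAML>=5.3.1,<7
stevedore~=5.0
rich
colorama>=0.3.9; platform_system=="Windows"
"""
```

Running `open_ended_requirements(SAMPLE_REQUIREMENTS)` reports `rich` and `colorama`; pinning `rich==13.8.1` as in the workaround above clears the `rich` finding.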

jccastillocano commented 1 month ago

Related issue https://github.com/PyCQA/bandit/issues/1180

jccastillocano commented 1 month ago

Created https://github.com/PyCQA/bandit/pull/1181 for fixing it.

jccastillocano commented 1 month ago

This issue has been fixed in the latest version of rich. See https://github.com/Textualize/rich/releases/tag/v13.9.1