Open sobolevn opened 8 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 99.15%. Comparing base (7de1829) to head (b553962).
Lint failure is unrelated:
+==============================================================================+
VULNERABILITIES FOUND
+==============================================================================+
-> Vulnerability found in bandit version 1.7.6
Vulnerability ID: 64484
Affected spec: <1.7.7
ADVISORY: Bandit 1.7.7 identifies the str.replace method as a
potential risk for SQL injection because it can be misused in constructing...
PVE-2024-64484
For more information, please visit
https://data.safetycli.com/v/64484/f17
-> Vulnerability found in mkdocs-material version 8.5.4
Vulnerability ID: 59587
This vulnerability is being ignored.
For more information, please visit
https://data.safetycli.com/v/59587/f17
-> Vulnerability found in py version 1.11.0
Vulnerability ID: 51457
This vulnerability is being ignored.
For more information, please visit
https://data.safetycli.com/v/51457/f17
Scan was completed. 1 vulnerability was found. 2 vulnerabilities from 2 packages were ignored.
After fixing it, wemake-python-styleguide builds work once again: https://github.com/wemake-services/wemake-python-styleguide/pull/2864 🎉 👍
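The Bandit advisory quoted in the scan output concerns SQL built by substituting user input into a query template with str.replace. As an added example (not code from isort, Bandit, Safety, or this PR), the block below places that pattern beside the parameterized query that avoids it, using an in-memory sqlite3 table and a payload constructed for the demonstration; the table contents, function names, and payload are assumptions, not anything from the page.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the PR or any project).
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user")]

# A classic tautology payload; assumed for illustration.
PAYLOAD = "x' OR '1'='1"


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_with_replace(conn, name):
    """The pattern the advisory describes: fill a SQL template via str.replace.

    Whatever the caller passes as `name` becomes part of the SQL text, so a
    value containing a quote can change the WHERE clause itself.
    """
    template = "SELECT name, role FROM users WHERE name = '{name}'"
    query = template.replace("{name}", name)
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """The safe form: the driver binds `name` as data, never as SQL text."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_with_replace(db, "alice"))      # one row, as intended
    print(lookup_with_replace(db, PAYLOAD))      # every row: the WHERE clause was rewritten
    print(lookup_parameterized(db, PAYLOAD))     # no rows: the payload is just a string
```

Running the block shows why a linter treats str.replace on a SQL string the same way it treats `%` formatting or f-strings: the substituted text is parsed as SQL, so the tautology payload returns every row from the template-based lookup, while the parameterized version returns nothing because no user is literally named `x' OR '1'='1`.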
@staticdev friendly ping :)
@timothycrosley looks like this project needs an extra pair of eyes :)
I can volunteer to do some review and maintenance work for isort.
I know a thing or two about Python.
My email is in my profile, just in case.
@jdufresne maybe?
@sigmavirus24 is there anything I can do to help fix this? It affects all my projects and lots of my users. There was no reaction from the isort team for half a year. I want to escalate this to PyCQA, because I still receive bug reports about this issue in my own projects :(
@sobolevn PyCQA is a loose aggregation of projects. I provide the administration of the org & teams to help facilitate things for folks, but I don't take over projects or merge things unless asked to help by the owners/maintainers.
In other words, I won't provide review on this, approve it, merge it, etc. And I will not arbitrarily add you to the team to maintain this. Even if I did, I cannot add you to the package on PyPI in order to release it (assuming release automation isn't already present on this repository).
Thanks for the quick feedback! It is totally reasonable. I was not asking for any of these actions from you, just letting you know: isort is very popular and it is sad that it is currently lacking attention.
Proof:
Refs: