scrapy / scrapy

Scrapy, a fast high-level web crawling & scraping framework for Python.
https://scrapy.org
BSD 3-Clause "New" or "Revised" License
51.16k stars 10.35k forks

Use defusedxml.xmlrpc #6251

Closed Laerte closed 2 months ago

Laerte commented 2 months ago

Fix #6250

codecov[bot] commented 2 months ago

Codecov Report

Merging #6251 (008ebb6) into master (2d46b4a) will increase coverage by 0.00%. The diff coverage is 100.00%.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master    #6251   +/-   ##
=======================================
  Coverage   88.90%   88.90%
=======================================
  Files         161      161
  Lines       11790    11792    +2
  Branches     1913     1913
=======================================
+ Hits        10482    10484    +2
  Misses        980      980
  Partials      328      328
```

| [Files](https://app.codecov.io/gh/scrapy/scrapy/pull/6251?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scrapy) | Coverage Δ | |
|---|---|---|
| [scrapy/http/request/rpc.py](https://app.codecov.io/gh/scrapy/scrapy/pull/6251?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scrapy#diff-c2NyYXB5L2h0dHAvcmVxdWVzdC9ycGMucHk=) | `100.00% <100.00%> (ø)` | |

Gallaecio commented 2 months ago

@wRAR @Laerte Any idea why bandit is passing even though B411 is not in https://github.com/scrapy/scrapy/blob/master/.bandit.yml ?

wRAR commented 2 months ago

B411 is only emitted by a newer version, I haven't published a PR that bumps it yet.

wRAR commented 2 months ago

Note that https://github.com/PyCQA/bandit/issues/1082 applies here, so we will still need to silence the error until the fix detection is added/fixed.
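
For context on what B411 flags, an added example (not code from this PR, Scrapy, or defusedxml): the stdlib `xmlrpc.client` parser expands entities declared in a payload, while a parser that refuses DTD and entity declarations rejects the same input. `ForbiddenXML`, `StrictExpatParser`, `strict_loads`, `is_rejected` and both sample payloads are hypothetical names and constructed data; the sketch relies on the private `_parser` attribute of CPython's `ExpatParser` and stands in for the kind of check `defusedxml.xmlrpc` applies.

```python
import xmlrpc.client
from xmlrpc.client import ExpatParser, Unmarshaller


class ForbiddenXML(ValueError):
    """Payload declares a DTD or an entity (hypothetical name)."""


class StrictExpatParser(ExpatParser):
    """xmlrpc.client's parser with DTD and entity declarations refused."""

    def __init__(self, target):
        super().__init__(target)
        # self._parser is the pyexpat parser created by ExpatParser
        # (private CPython attribute, assumed stable here).
        self._parser.StartDoctypeDeclHandler = self._reject
        self._parser.EntityDeclHandler = self._reject

    def _reject(self, *args):
        raise ForbiddenXML("DTD or entity declaration in XML-RPC payload")


def strict_loads(data):
    """Like xmlrpc.client.loads(), but parsed with StrictExpatParser."""
    target = Unmarshaller()
    parser = StrictExpatParser(target)
    parser.feed(data)
    parser.close()
    return target.close(), target.getmethodname()


def is_rejected(data):
    """True when strict_loads() refuses the payload."""
    try:
        strict_loads(data)
    except ForbiddenXML:
        return True
    return False


# Constructed samples: a normal response, and one that defines an entity.
PLAIN = xmlrpc.client.dumps(("ok",), methodresponse=True)
WITH_ENTITY = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE methodResponse [<!ENTITY e "expanded">]>'
    "<methodResponse><params><param><value><string>&e;</string>"
    "</value></param></params></methodResponse>"
)

if __name__ == "__main__":
    print(xmlrpc.client.loads(WITH_ENTITY))  # stdlib parser expands &e;
    print(strict_loads(PLAIN), is_rejected(WITH_ENTITY))
```
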