From 487d38eafeb30db49148011d894a6d086211f603 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Wed, 29 Nov 2023 18:47:47 +0100
Subject: [PATCH] Upgrade pre-commit hooks and introduce bandit hook

---
 .pre-commit-config.yaml | 61 ++++++++++++++++++++++-------------------
 check_forgejo_upgrade   |  6 ++--
 2 files changed, 36 insertions(+), 31 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3d94036..86eac21 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,31 +1,36 @@
 # Pre-commit hooks to run tests and ensure code is cleaned.
 # See https://pre-commit.com for more information
 repos:
--   repo: local
-    hooks:
-    -   id: pylint
-        name: pylint
-        entry: pylint
-        language: system
-        types: [python]
-        require_serial: true
--   repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
-    hooks:
-    -   id: flake8
-        args: ['--max-line-length=100']
--   repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
-    hooks:
-    - id: pyupgrade
-      args: ['--keep-percent-format', '--py37-plus']
--   repo: https://github.com/psf/black
-    rev: 22.12.0
-    hooks:
-    - id: black
-      args: ['--target-version', 'py37', '--line-length', '100']
--   repo: https://github.com/PyCQA/isort
-    rev: 5.12.0
-    hooks:
-    - id: isort
-      args: ['--profile', 'black', '--line-length', '100']
+- repo: https://github.com/asottile/pyupgrade
+  rev: v3.15.0
+  hooks:
+  - id: pyupgrade
+    args: ['--keep-percent-format', '--py37-plus']
+- repo: https://github.com/psf/black
+  rev: 23.11.0
+  hooks:
+  - id: black
+    args: ['--target-version', 'py37', '--line-length', '100']
+- repo: https://github.com/PyCQA/isort
+  rev: 5.12.0
+  hooks:
+  - id: isort
+    args: ['--profile', 'black', '--line-length', '100']
+- repo: https://github.com/PyCQA/flake8
+  rev: 6.1.0
+  hooks:
+  - id: flake8
+    args: ['--max-line-length=100']
+- repo: local
+  hooks:
+  - id: pylint
+    name: pylint
+    entry: pylint
+    language: system
+    types: [python]
+    require_serial: true
+- repo: https://github.com/PyCQA/bandit
+  rev: 1.7.5
+  hooks:
+  - id: bandit
+    args: [--skip, "B101", --recursive, "mylib"]
diff --git a/check_forgejo_upgrade b/check_forgejo_upgrade
index 5b982a8..7bf65b1 100755
--- a/check_forgejo_upgrade
+++ b/check_forgejo_upgrade
@@ -21,7 +21,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 import argparse
 import logging
 import re
-import subprocess
+import subprocess  # nosec
 import sys
 
 import requests
@@ -59,7 +59,7 @@ logging.debug("Command use to retreive current version of Forgejo: %s", " ".join
 OUTPUT = None
 EXCEPTION = None
 try:
-    OUTPUT = subprocess.check_output(cmd)
+    OUTPUT = subprocess.check_output(cmd)  # nosec
     logging.debug("Output:\n%s", OUTPUT)
     m = re.search("version ([^ ]+) built", OUTPUT.decode("utf8", errors="ignore"))
     if m:
@@ -106,7 +106,7 @@ try:
             LATEST_INT = version_int
         else:
             logging.debug("Version %s considered as oldest than %s", version, LATEST)
-except Exception:  # pylint: disable=broad-except
+except Exception:  # pylint: disable=broad-except  # nosec
     pass
 logging.debug("Latest version: %s", LATEST)