bandit 1.6.3 is getting picked up on python 2.7 installs

Describe the bug

When running using python 2.7, a pip install bandit picks up 1.6.3.

To Reproduce

$ docker run -it --rm -v $PWD:$PWD -w $PWD python:2.7-buster sh
# python -m pip install -U pip setuptools wheel
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting pip
  Downloading pip-20.3.1-py2.py3-none-any.whl (1.5 MB)
     |████████████████████████████████| 1.5 MB 3.2 MB/s 
Collecting setuptools
  Downloading setuptools-44.1.1-py2.py3-none-any.whl (583 kB)
     |████████████████████████████████| 583 kB 15.2 MB/s 
Collecting wheel
  Downloading wheel-0.36.1-py2.py3-none-any.whl (34 kB)
Installing collected packages: pip, setuptools, wheel
  Attempting uninstall: pip
    Found existing installation: pip 20.0.2
    Uninstalling pip-20.0.2:
      Successfully uninstalled pip-20.0.2
  Attempting uninstall: setuptools
    Found existing installation: setuptools 44.1.0
    Uninstalling setuptools-44.1.0:
      Successfully uninstalled setuptools-44.1.0
  Attempting uninstall: wheel
    Found existing installation: wheel 0.34.2
    Uninstalling wheel-0.34.2:
      Successfully uninstalled wheel-0.34.2
Successfully installed pip-20.3.1 setuptools-44.1.1 wheel-0.36.1
# python -m pip install bandit
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting bandit
  Downloading bandit-1.6.3-py2.py3-none-any.whl (115 kB)
     |████████████████████████████████| 115 kB 3.9 MB/s 
ERROR: Package 'bandit' requires a different Python: 2.7.18 not in '>=3.5'

It’s been uploaded as a “universal wheel” which I think is the issue.

Expected behavior

An older version of bandit is picked up.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 2
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

3 reactions
yoctozepto commented, Dec 9, 2020

Agreed. Publish 1.6.4 as non-universal (or best yet, just publish 1.7.0 at least) and unpublish 1.6.3. That would help.

0 reactions
ericwb commented, Dec 13, 2020

1.6.3 yanked. Thanks everyone
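
A release-time consistency check for the mismatch reported in this issue, added here as an example (it is not Bandit's or pip's code): it compares the Python tags in a wheel filename with the package's Requires-Python value and lists the tags that no permitted interpreter can satisfy. The function names are hypothetical, and the specifier matcher is a simplified stand-in for a full PEP 440 implementation that handles only `>=`, `<=`, `==`, `!=`, `>` and `<` clauses.

```python
import re

# Operators handled by this simplified Requires-Python matcher (assumption: no "~=").
_OPS = {
    ">=": lambda v, s: v >= s,
    "<=": lambda v, s: v <= s,
    "==": lambda v, s: v[:len(s)] == s,
    "!=": lambda v, s: v[:len(s)] != s,
    ">": lambda v, s: v > s,
    "<": lambda v, s: v < s,
}

def satisfies(version, requires_python):
    """True if a (major, minor) tuple meets every clause of the specifier."""
    for clause in filter(None, (c.strip() for c in requires_python.split(","))):
        m = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?", clause)
        if not m:
            raise ValueError("unsupported clause: %r" % clause)
        spec = tuple(int(p) for p in m.group(2).split("."))
        if not _OPS[m.group(1)](version, spec):
            return False
    return True

def python_tags(wheel_filename):
    """Python tags from a PEP 427 wheel name, e.g. ['py2', 'py3']."""
    parts = wheel_filename[:-len(".whl")].split("-")
    if not wheel_filename.endswith(".whl") or len(parts) not in (5, 6):
        raise ValueError("not a wheel filename: %r" % wheel_filename)
    return parts[-3].split(".")

def candidates(tag):
    """(major, minor) versions a tag claims: 'py2' -> every 2.x, 'cp38' -> 3.8."""
    m = re.fullmatch(r"[a-z]+(\d)(\d*)", tag)
    if not m:
        raise ValueError("unrecognised python tag: %r" % tag)
    major = int(m.group(1))
    if m.group(2):
        return [(major, int(m.group(2)))]
    return [(major, minor) for minor in range(0, 40)]

def contradicted_tags(wheel_filename, requires_python):
    """Tags that advertise an interpreter which Requires-Python rules out."""
    return [t for t in python_tags(wheel_filename)
            if not any(satisfies(v, requires_python) for v in candidates(t))]

if __name__ == "__main__":
    # Filename and specifier as they appear in the pip output of this issue.
    print(contradicted_tags("bandit-1.6.3-py2.py3-none-any.whl", ">=3.5"))
```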
