Tests do not load on Python 3.7 with `importlib-metadata` 5.0.0 and `stevedore` 3.5.1


Describe the bug

Jump to workaround

While the release of stevedore 3.5.1 appears to have resolved the problems reported in #951 and #953 I am seeing a new problem when using the following on Python 3.7:

```
$ pip list | grep "bandit\|importlib-metadata\|stevedore"
bandit               1.7.4
importlib-metadata   5.0.0
stevedore            3.5.1
```

I get the following:

```
$ bandit --version
bandit 1.7.4
  python version = 3.7.15 (default, Oct 14 2022, 02:08:07) [GCC 11.2.0]
$ bandit -r .
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.7.15
[main]  ERROR   No tests would be run, please check the profile.
```

In comparison in the same directory:

```
$ pip list | grep "bandit\|importlib-metadata\|stevedore"
bandit               1.7.4
importlib-metadata   4.13.0
stevedore            3.5.1
$ bandit --version
bandit 1.7.4
  python version = 3.7.15 (default, Oct 14 2022, 02:08:07) [GCC 11.2.0]
$ bandit -r .
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.7.15
Run started:2022-10-14 18:09:03.392403

Test results:
        No issues identified.

Code scanned:
        Total lines of code: 1949
        Total lines skipped (#nosec): 0

Run metrics:
        Total issues (by severity):
                Undefined: 0
                Low: 0
                Medium: 0
                High: 0
        Total issues (by confidence):
                Undefined: 0
                Low: 0
                Medium: 0
                High: 0
Files skipped (0):
```

Workaround

Pinning to importlib-metadata<5 works. If you are using bandit in a pre-commit configuration you can add the following to your hook configuration:

```yaml
additional_dependencies:
  - importlib-metadata<5
```

such that a full hook configuration looks something like:

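```yaml
# Entry under the top-level `repos:` list of .pre-commit-config.yaml
- repo: https://github.com/PyCQA/bandit
  rev: 1.7.4
  hooks:
    - id: bandit
      name: bandit
      # Installed into the hook's virtualenv alongside bandit
      additional_dependencies:
        - importlib-metadata<5
```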

Reproduction steps

1. Install `bandit` into a Python 3.7 environment.
2. Attempt to use `bandit` to check code.

Expected behavior

bandit would successfully load tests and use them.

Bandit version

1.7.4 (Default)

Python version

3.7

Additional context

No response

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 4
  • Comments: 10 (5 by maintainers)

Top GitHub Comments

5 reactions
emcd commented, Oct 14, 2022

For those wondering what the workaround is this time, it is the same as for the previous problem: `pip install bandit 'importlib-metadata<5'` or equivalent.

4 reactions
mportesdev commented, Oct 21, 2022

stevedore 3.5.2 is out and everything seems to be back to normal.

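A scanner run that loaded no checks must not be read as a clean pass. The following is an added example, not code from the issue or from the bandit project: a small triage helper that flags the error line and the version combination reported in this thread. The function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed samples, modelled on the terminal output quoted in the issue.
PIP_BROKEN = "bandit 1.7.4\nimportlib-metadata 5.0.0\nstevedore 3.5.1\n"
PIP_PINNED = "bandit 1.7.4\nimportlib-metadata 4.13.0\nstevedore 3.5.1\n"
LOG_BROKEN = (
    "[main]  INFO    running on Python 3.7.15\n"
    "[main]  ERROR   No tests would be run, please check the profile.\n"
)
LOG_OK = (
    "[main]  INFO    running on Python 3.7.15\n"
    "Run started:2022-10-14 18:09:03.392403\n"
)


def parse_pip_list(text):
    """Map package name -> version tuple from `pip list` style lines."""
    versions = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9._-]+)\s+(\d+(?:\.\d+)*)\s*$", line)
        if m:
            parts = tuple(int(p) for p in m.group(2).split("."))
            versions[m.group(1).lower()] = parts
    return versions


def python_from_log(log):
    """Extract (major, minor) from bandit's 'running on Python' line."""
    m = re.search(r"running on Python (\d+)\.(\d+)", log)
    return (int(m.group(1)), int(m.group(2))) if m else None


def diagnose(pip_text, bandit_log):
    """Return findings for a bandit run; an empty list means nothing flagged."""
    findings = []
    if "No tests would be run" in bandit_log:
        findings.append("no-tests: bandit loaded no checks; not a clean pass")
    v = parse_pip_list(pip_text)
    im, st = v.get("importlib-metadata"), v.get("stevedore")
    # Combination reported in this thread: Python 3.7, importlib-metadata 5.x,
    # and a stevedore release older than 3.5.2.
    if (python_from_log(bandit_log) == (3, 7) and im and st
            and im >= (5,) and st < (3, 5, 2)):
        findings.append("known-combo: pin 'importlib-metadata<5' "
                        "or upgrade to stevedore 3.5.2")
    return findings
```
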
