Tests do not load on Python 3.7 with `importlib-metadata` 5.0.0 and `stevedore` 3.5.1
Describe the bug
While the release of stevedore 3.5.1 appears to have resolved the problems reported in #951 and #953, I am seeing a new problem when using the following on Python 3.7:
$ pip list | grep "bandit\|importlib-metadata\|stevedore"
bandit 1.7.4
importlib-metadata 5.0.0
stevedore 3.5.1
I get the following:
$ bandit --version
bandit 1.7.4
python version = 3.7.15 (default, Oct 14 2022, 02:08:07) [GCC 11.2.0]
$ bandit -r .
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.7.15
[main] ERROR No tests would be run, please check the profile.
In comparison in the same directory:
$ pip list | grep "bandit\|importlib-metadata\|stevedore"
bandit 1.7.4
importlib-metadata 4.13.0
stevedore 3.5.1
$ bandit --version
bandit 1.7.4
python version = 3.7.15 (default, Oct 14 2022, 02:08:07) [GCC 11.2.0]
$ bandit -r .
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.7.15
Run started:2022-10-14 18:09:03.392403
Test results:
No issues identified.
Code scanned:
Total lines of code: 1949
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 0
Medium: 0
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 0
High: 0
Files skipped (0):
Workaround
Pinning to `importlib-metadata<5` works. If you are using `bandit` in a pre-commit configuration you can add the following to your hook configuration:
additional_dependencies:
  - importlib-metadata<5
such that a full hook configuration looks something like:
- repo: https://github.com/PyCQA/bandit
  rev: 1.7.4
  hooks:
    - id: bandit
      name: bandit
      additional_dependencies:
        - importlib-metadata<5
Reproduction steps
1. Install `bandit` into a Python 3.7 environment.
2. Attempt to use `bandit` to check code.
Expected behavior
`bandit` would successfully load tests and use them.
Bandit version
1.7.4 (Default)
Python version
3.7
Additional context
No response
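The failing run quoted in this issue never reaches `Run started:`, so a CI gate should tell "the scanner loaded no tests" apart from "the scan found nothing". The following is an added example, not part of the original issue or of Bandit's own code; the function name `classify_bandit_output` and the verdict strings are assumptions, the sample logs are abridged from the output above, and the caller is assumed to pass Bandit's combined stdout and stderr from the default text report.

```python
import re

# Constructed samples, abridged from the two runs quoted in the issue.
FAILED_RUN = """\
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.7.15
[main] ERROR No tests would be run, please check the profile.
"""

CLEAN_RUN = """\
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.7.15
Run started:2022-10-14 18:09:03.392403
Test results:
No issues identified.
Code scanned:
Total lines of code: 1949
Total lines skipped (#nosec): 0
"""


def classify_bandit_output(text):
    """Classify a Bandit text report, failing closed.

    Returns "scanner-error" when Bandit logged an ERROR (for example the
    plugin-loading failure in this issue), "clean" only when there is
    positive evidence that a scan ran over some code and reported no
    issues, and "not-clean" for everything else.
    """
    # Any [main] ERROR line means the scan itself did not complete.
    if re.search(r"^\[main\]\s+ERROR\b", text, re.MULTILINE):
        return "scanner-error"
    # A completed run prints a start banner and a non-zero line count.
    started = re.search(r"^Run started:", text, re.MULTILINE)
    loc = re.search(r"^\s*Total lines of code:\s*(\d+)", text, re.MULTILINE)
    scanned = started is not None and loc is not None and int(loc.group(1)) > 0
    no_issues = re.search(r"^\s*No issues identified\.", text, re.MULTILINE)
    if scanned and no_issues:
        return "clean"
    # Findings, empty output, or a zero-line scan: never report a pass.
    return "not-clean"


if __name__ == "__main__":
    for name, log in (("failed", FAILED_RUN), ("clean", CLEAN_RUN)):
        print(name, "->", classify_bandit_output(log))
```
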
For those wondering what the workaround is this time; it is the same as for the previous problem:
pip install bandit 'importlib-metadata<5'
or equivalent.

stevedore 3.5.2 is out and everything seems to be back to normal.