From b5a85f68b572c14cd2661d58b4d84c0eaf5a4b11 Mon Sep 17 00:00:00 2001
From: Mark Byrne <31762852+mbyrnepr2@users.noreply.github.com>
Date: Fri, 9 Dec 2022 16:27:10 +0100
Subject: Fix `bandit` high-severity warnings and use pre-commit (#7913) Remove `shell=True` argument of `subprocess.call`. Refactor: Use `subprocess.run` instead of `subprocess.call`. Add `bandit` to .pre-commit-config.yaml. Use `gitpython` for clone command. Co-authored-by: Pierre Sassoulas
---
 .pre-commit-config.yaml | 6 ++++++
 1 file changed, 6 insertions(+) (limited to '.pre-commit-config.yaml')
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 15d6a71d2..022cfe4be 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -146,3 +146,9 @@ repos:
 pylint/__pkginfo__.py|
 setup.cfg
 )$
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.7.4
+ hooks:
+ - id: bandit
+ args: ["-r", "-lll"]
+ exclude: *fixtures
-- cgit v1.2.1
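Review bot: The `-lll` in `args: ["-r", "-lll"]` makes the new bandit hook report only high-severity findings, so medium- and low-severity results never fail it, and nothing in the config says this is deliberate. A comment above `args` would stop readers from treating a green hook as full bandit coverage, for example `# -lll: high severity only; medium/low findings are not gated here`. The `-r` flag is probably redundant, because pre-commit passes individual file names to the hook rather than directories. The `*fixtures` anchor used by `exclude` is defined outside this hunk, so check that it covers only test data and no shipped code.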