From d139433cc28dc51abeff2dbc277c337a747b2c14 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 29 Mar 2024 11:20:22 +0900 Subject: [PATCH] pre-commit: Bump versions and integrate bandit Also remove the note about old pip's dependency resolver. Change-Id: Ie835be50b9a5b1b054862c6fa904c701466952e6 --- .pre-commit-config.yaml | 18 +++++++----------- oslo_policy/generator.py | 4 ++-- oslo_policy/tests/test_generator.py | 2 +- requirements.txt | 4 ---- test-requirements.txt | 4 ---- tox.ini | 3 --- 6 files changed, 10 insertions(+), 25 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e658c594..7b8155ec 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,15 +1,6 @@ -# We from the Oslo project decided to pin repos based on the -# commit hash instead of the version tag to prevend arbitrary -# code from running in developer's machines. To update to a -# newer version, run `pre-commit autoupdate` and then replace -# the newer versions with their commit hash. - -default_language_version: - python: python3 - repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: 9136088a246768144165fcc3ecc3d31bb686920a # v3.3.0 + rev: v4.5.0 hooks: - id: trailing-whitespace # Replaces or checks mixed line ending @@ -32,8 +23,13 @@ repos: - id: flake8 name: flake8 additional_dependencies: - - hacking>=3.2.0,<3.3.0 + - hacking>=6.1.0,<6.2.0 language: python entry: flake8 files: '^.*\.py$' exclude: '^(doc|releasenotes|tools)/.*$' + - repo: https://github.com/PyCQA/bandit + rev: 1.7.6 + hooks: + - id: bandit + args: ['-x', 'tests', '--skip', 'B113'] diff --git a/oslo_policy/generator.py b/oslo_policy/generator.py index 84a19b83..b4e93d59 100644 --- a/oslo_policy/generator.py +++ b/oslo_policy/generator.py 
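Review bot: `rev: v4.5.0` replaces a full commit hash with a tag, and the new bandit entry in the next hunk is pinned the same way with `rev: 1.7.6`. The comment this hunk deletes gave the reason for hash pinning: a tag can be re-pointed upstream, and pre-commit then fetches and runs whatever the tag resolves to, both on developer machines and in the pep8 job. If the move to tags is deliberate, the commit message should say so, because it currently only mentions a version bump. Otherwise keep the previous form with the version as a trailing comment, `rev: <commit-sha-of-v4.5.0>  # v4.5.0`.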
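Review bot: `--skip B113` in the bandit hook's `args` turns off the request-without-timeout check for the whole tree, and neither the hunk nor the commit message says why. requirements.txt lists `requests`, so the package presumably makes outbound HTTP calls where a missing timeout matters, and a global skip also hides any such call added later. Prefer giving the existing call sites a timeout, or annotating them with `# nosec B113`, and dropping the skip. If the skip has to stay, record the reason next to it, for example `# B113 skipped: <reason / tracking bug>` above `args:`.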
@@ -172,7 +172,7 @@ def _format_rule_default_yaml(default, include_help=True, comment_rule=True, :param add_deprecated_rules: Whether to add the deprecated rules in format text. :returns: A string containing a yaml representation of the RuleDefault - """ + """ # noqa: E501 text = ('"%(name)s": "%(check_str)s"\n' % {'name': default.name, 'check_str': default.check_str}) @@ -258,7 +258,7 @@ def _format_rule_default_json(default): :param default: A policy.RuleDefault or policy.DocumentedRuleDefault object :returns: A string containing a json representation of the RuleDefault - """ + """ # noqa: E501 return ('"%(name)s": "%(check_str)s"' % {'name': default.name, 'check_str': default.check_str}) diff --git a/oslo_policy/tests/test_generator.py b/oslo_policy/tests/test_generator.py index 9bdf2ee0..71c55fbe 100644 --- a/oslo_policy/tests/test_generator.py +++ b/oslo_policy/tests/test_generator.py @@ -978,6 +978,6 @@ class ConvertJsonToYamlTestCase(base.PolicyBaseTestCase): # or extra rules in policy file, it is strongly # recommended to switch to new rules. "deprecated_rule1_name": "rule:admin" -''' +''' # noqa: E501 self.assertIn(existing_deprecated_rule_with_warning, converted_policy_data) diff --git a/requirements.txt b/requirements.txt index f2f2f85c..4991ed05 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,3 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - requests>=2.14.2 # Apache-2.0 oslo.config>=6.0.0 # Apache-2.0 oslo.context>=2.22.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 3717b438..2619a369 100644 --- a/test-requirements.txt +++ b/test-requirements.txt 
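Review bot: The `# noqa: E501` placed after the closing `"""` exempts the whole docstring of `_format_rule_default_yaml` from the line-length check, because flake8 applies a noqa at the end of a multi-line string to every line of that string. Later over-long lines in the docstring will therefore pass silently too. The same pattern is added to `_format_rule_default_json` and to the expected-output string in test_generator.py. The offending line and the start of each function are outside the visible hunks; if that line is prose rather than literal example output, wrapping it would avoid the suppression altogether.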
@@ -1,7 +1,3 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - oslotest>=3.2.0 # Apache-2.0 requests-mock>=1.2.0 # Apache-2.0 stestr>=2.0.0 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 7bd7d1aa..074db669 100644 --- a/tox.ini +++ b/tox.ini @@ -15,11 +15,8 @@ commands = stestr run --slowest {posargs} [testenv:pep8] deps = pre-commit>=2.6.0 # MIT - bandit>=1.6.0,<1.7.0 # Apache-2.0 commands = pre-commit run -a - # Run security linter - bandit -r oslo_policy tests -n5 [testenv:venv] commands = {posargs}
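Review bot: Removing `bandit -r oslo_policy tests -n5` from `[testenv:pep8]` narrows what the security scan covers, and tox.ini no longer records that a scan runs at all. The replacement hook in .pre-commit-config.yaml passes `-x tests` and `--skip B113`, so test code is no longer scanned and one check is disabled, whereas the removed command recursed over the package and so would have included `oslo_policy/tests`. With the `# Run security linter` line gone, a comment above `pre-commit run -a` would keep this visible, for example `# flake8 and bandit run as pre-commit hooks, see .pre-commit-config.yaml`.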