Description
Describe the bug
I use bandit via pre-commit:

    - repo: https://github.com/PyCQA/bandit
      rev: 1.8.5
      hooks:
        - id: bandit

Unfortunately, the help 'More Info: ...' is invalidly referenced (version number!), for example:
Test results:
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimized byte code.
Severity: Low Confidence: High
CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
More Info: https://bandit.readthedocs.io/en/0.0.0/plugins/b101_assert_used.html
Location: ...
...
Instead of https://bandit.readthedocs.io/en/0.0.0/plugins/b101_assert_used.html you could expect https://bandit.readthedocs.io/en/1.8.5/plugins/b101_assert_used.html here, but unfortunately this also leads to 404.
Reproduction steps
1. use bandit via pre-commit
2. and produce an issue in python code
Expected behavior
'More Info: ...' should link to the correct documentation:
- Unfortunately there is no documentation for the actual release 1.8.5.
- Unfortunately there is no documentation for release 1.8.4, too.
- Linking to the latest documentation may also be an option.
Bandit version
1.8.3 (Default)
Python version
3.12
Additional context
Via .pre-commit-config.yaml I use bandit:

    - repo: https://github.com/PyCQA/bandit
      rev: 1.8.5
      hooks:
        - id: bandit

To get the installed version I run:
$ find ~/.cache/pre-commit/ -iname bandit
...
$ source ~/.cache/pre-commit/repoyk61p6e9/py_env-python3/bin/activate
$ bandit --version
bandit 0.0.0
python version = 3.12.11 (main, Jun 9 2025, 08:58:11) [GCC 14.2.0]
But it is 1.8.5:
$ (cd ~/.cache/pre-commit/repo5otl2186 && git log | grep commit)
commit 23d269a665abd84597785fdf8fdda04ea89f59f3
Unfortunately I cannot select the bandit version 1.8.5 here.
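
A workaround sketch for the report above, as an added example that is not part of the original issue or of bandit's code: it post-processes bandit's text report and points any "More Info" link carrying the `0.0.0` placeholder at the `latest` docs, the fallback the issue suggests. The function name, the sample report and the assumption that the `latest` path serves the plugin pages are mine.

```python
import re

# Version segment bandit printed in the report quoted in the issue.
PLACEHOLDER_VERSION = "0.0.0"
# Assumption: the "latest" docs alias proposed in the issue as a fallback.
FALLBACK_VERSION = "latest"

# Matches a "More Info:" line of bandit's text report and captures the
# version segment of the docs URL separately from the plugin page.
MORE_INFO_RE = re.compile(
    r"^(?P<label>\s*More Info:\s*)"
    r"(?P<base>https://bandit\.readthedocs\.io/en/)"
    r"(?P<version>[^/\s]+)"
    r"(?P<page>/plugins/[\w.-]+\.html)\s*$"
)


def normalize_more_info(report):
    """Return (fixed_report, rewritten); rewritten lists (old_url, new_url)."""
    fixed, rewritten = [], []
    for line in report.splitlines():
        m = MORE_INFO_RE.match(line)
        # Only the placeholder is rewritten; links with a real version stay.
        if m and m["version"] == PLACEHOLDER_VERSION:
            old = m["base"] + m["version"] + m["page"]
            new = m["base"] + FALLBACK_VERSION + m["page"]
            rewritten.append((old, new))
            line = m["label"] + new
        fixed.append(line)
    return "\n".join(fixed), rewritten


# Constructed sample: the first finding mirrors the output in the issue,
# the second is a made-up line with a non-placeholder version segment.
SAMPLE_REPORT = """\
>> Issue: [B101:assert_used] Use of assert detected.
   More Info: https://bandit.readthedocs.io/en/0.0.0/plugins/b101_assert_used.html
>> Issue: [B101:assert_used] Use of assert detected.
   More Info: https://bandit.readthedocs.io/en/1.8.3/plugins/b101_assert_used.html
"""

if __name__ == "__main__":
    fixed_report, changes = normalize_more_info(SAMPLE_REPORT)
    print(fixed_report)
    for old_url, new_url in changes:
        print("rewrote", old_url, "->", new_url)
```
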