Skip to content

Add pre-commit pip audit #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jbampton merged 7 commits into from
Dec 29, 2025
Merged

Add pre-commit pip audit #211

jbampton merged 7 commits into from
Dec 29, 2025

Conversation

@jbampton
Copy link
Member

@jbampton jbampton commented Dec 29, 2025

No description provided.

@jbampton jbampton added this to the December - January 2025 milestone Dec 29, 2025
@jbampton jbampton self-assigned this Dec 29, 2025
@jbampton jbampton requested a review from BaseMax as a code owner December 29, 2025 14:10
@jbampton jbampton added this to Turbo Dec 29, 2025
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Dec 29, 2025
edited
Loading

Deploying john-bampton with  Cloudflare Pages  Cloudflare Pages

Latest commit: 2dfb45f
Status: ✅  Deploy successful!
Preview URL: https://0348a8a7.john-bampton.pages.dev
Branch Preview URL: https://add-pre-commit-pip-audit.john-bampton.pages.dev

View logs

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Dec 29, 2025

Summary of Changes

Hello @jbampton, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's security by introducing an automated dependency vulnerability scanner. By integrating pip-audit into the pre-commit workflow, developers will receive immediate feedback on potential security issues within Python packages before code is committed, thereby fostering a more secure and robust codebase.

Highlights

  • Pre-commit Hook Integration: Integrated the pip-audit tool into the .pre-commit-config.yaml to automatically scan for known vulnerabilities in Python dependencies.
  • Dependency Auditing: The pip-audit hook, utilizing version v2.10.0 from the pypa/pip-audit repository, will now execute as part of the pre-commit checks.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/super-linter.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@jbampton jbampton moved this to In Progress in Turbo Dec 29, 2025
gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 29, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds pip-audit to the pre-commit hooks, which is a great step for improving security by scanning for vulnerable dependencies. However, I've found a critical issue in the configuration that would prevent the hook from being installed and also renders it ineffective for its purpose. My review comment includes a detailed explanation and a suggested fix to make the hook work correctly.

@deepsource-io
Copy link
Contributor

deepsource-io bot commented Dec 29, 2025
edited
Loading

Here's the code health analysis summary for commits 565c031..2dfb45f. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource Secrets LogoSecrets✅ SuccessView Check ↗
DeepSource Python LogoPython✅ SuccessView Check ↗
DeepSource JavaScript LogoJavaScript✅ SuccessView Check ↗
💡 If you’re a repository administrator, you can configure the quality gates from the settings.

jbampton
jbampton commented Dec 29, 2025
View reviewed changes
jbampton and others added 2 commits December 30, 2025 00:14
@jbampton
Update .pre-commit-config.yaml
3ae8795
@deepsource-autofix
style: format code with Black, isort, Prettier and Ruff Formatter
8dcadbf 
This commit fixes the style issues introduced in 3ae8795 according to the output
from Black, isort, Prettier and Ruff Formatter.

Details: #211
jbampton
jbampton commented Dec 29, 2025
View reviewed changes
jbampton
jbampton commented Dec 29, 2025
View reviewed changes
@jbampton jbampton merged commit 4ff12cc into main Dec 29, 2025
18 of 38 checks passed
@jbampton jbampton deleted the add-pre-commit-pip-audit branch December 29, 2025 14:24
@github-project-automation github-project-automation bot moved this from In Progress to Done in Turbo Dec 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BaseMax BaseMax Awaiting requested review from BaseMax BaseMax is a code owner

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@jbampton jbampton

Labels

python tests yaml

Projects

Turbo
Status: Done

Milestone

December - January 2025

Development

Successfully merging this pull request may close these issues.

2 participants

@jbampton