Add zizmor security linter to pre-commit

hugovk · web-flow · commit c2cc96c2d266 · 2024-12-11T12:25:04.000-06:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.7.1
+    rev: v0.8.2
     hooks:
       - id: ruff
         args: [--exit-non-zero-on-fix]
@@ -25,23 +25,28 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.29.4
+    rev: 0.30.0
     hooks:
       - id: check-dependabot
       - id: check-github-workflows
 
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.3
+    rev: v1.7.4
     hooks:
       - id: actionlint
 
+  - repo: https://github.com/woodruffw/zizmor-pre-commit
+    rev: v0.8.0
+    hooks:
+      - id: zizmor
+
   - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.4.3
+    rev: v2.5.0
     hooks:
       - id: pyproject-fmt
 
   - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.22
+    rev: v0.23
     hooks:
       - id: validate-pyproject
 
diff --git a/add_to_pydotorg.py b/add_to_pydotorg.py
@@ -29,8 +29,9 @@
 import re
 import subprocess
 import sys
+from collections.abc import Generator
 from os import path
-from typing import Any, Generator, NoReturn
+from typing import Any, NoReturn
 
 import requests
 
diff --git a/release.py b/release.py
@@ -19,13 +19,13 @@
 import subprocess
 import sys
 import tempfile
+from collections.abc import Generator
 from contextlib import contextmanager
 from dataclasses import dataclass
 from pathlib import Path
 from typing import (
     Any,
     Callable,
-    Generator,
     Literal,
     Protocol,
     Self,
@@ -524,8 +524,8 @@ def tarball(source: str, clamp_mtime: str) -> None:
     checksum_xz = hashlib.md5()
     with open(xz, "rb") as data:
         checksum_xz.update(data.read())
-    print("  %s  %8s  %s" % (checksum_tgz.hexdigest(), int(os.path.getsize(tgz)), tgz))
-    print("  %s  %8s  %s" % (checksum_xz.hexdigest(), int(os.path.getsize(xz)), xz))
+    print(f"  {checksum_tgz.hexdigest()}  {os.path.getsize(tgz):8}  {tgz}")
+    print(f"  {checksum_xz.hexdigest()}  {os.path.getsize(xz):8}  {xz}")
 
 
 def export(tag: Tag, silent: bool = False, skip_docs: bool = False) -> None:
diff --git a/run_release.py b/run_release.py
@@ -21,8 +21,9 @@
 import tempfile
 import time
 import urllib.request
+from collections.abc import Iterator
 from pathlib import Path
-from typing import Any, Iterator, cast
+from typing import Any, cast
 
 import aiohttp
 import gnupg  # type: ignore[import-untyped]
