The GitHub Actions job "Tests" on airflow.git has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 343bac956b48aac80a7daaf0715e04d2cc37b373 / Jarek Potiuk <[email protected]> Review and mark found potential SSH security issues by bandit (#36162) Bandit releaed new version (1.7.6) few days ago. We had >=1.7.5 and it started to detect new potential issue (Auto Add Hostkey) in Google and SSH providers. Both case are valid however (in the first case the key is a throw-away one and just - dynamically - created so we cannot have it stored yet. Auto-Adding makes sense in this case. In case of SSH provider, the user must deliberately choose this option and they are clearly warned that it is not secure option. We are also fixing bandit to a pinned version. The problem with >= in case of pre-commit is that the result might depend on cache of pre-commit - in main we are still using 1.7.5 as it has been cached, but new PRs use 1.7.6 because they have no access to main cache. We will have a separate pre-commit added to make sure that we are updating to latest versions of other pre-commits soon. We need to make sure we are updating those deliberately. Report URL: https://github.com/apache/airflow/actions/runs/7164317188 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
