Remove bandit and replace with it's ruff variant (#42)

.github/workflows/python-app.yml

@@ -37,9 +37,6 @@ jobs:
       - name: Lint with ruff
         if: always()
         run: docker-compose run test-pipeline ruff src
-      - name: Check with bandit
-        if: always()
-        run: docker-compose run test-pipeline bandit -r src -c pyproject.toml
       - name: Test with unit pytest
         if: always()
         run: |

.pre-commit-config.yaml

@@ -57,16 +57,6 @@ repos:
         exclude: alembic
         args: [--fix, --exit-non-zero-on-fix]
 
-  - repo: local
-    hooks:
-      - id: bandit
-        name: bandit
-        entry: bandit
-        language: system
-        types: [ python ]
-        exclude: alembic|test_.*|conftest.py
-        args: [ -c, pyproject.toml ]
-
   - repo: https://github.com/radix-ai/auto-smart-commit
     rev: v1.0.3
     hooks:

pyproject.toml

@@ -2,9 +2,6 @@
 build-backend = "poetry.core.masonry.api"
 requires = ["poetry-core"]
 
-[tool.bandit]
-exclude_dirs = ["test"]
-
 [tool.black]
 line-length = 120
 
@@ -74,7 +71,6 @@ sqlmodel = "^0.0.14"
 typing-extensions = "^4.9.0"
 
 [tool.poetry.group.dev.dependencies]
-bandit = {extras = ["toml"], version = "^1.7.4"}
 black = "*"
 coverage = {extras = ["toml"], version = "^6.4.4"}
 factory-boy = "^3.3.0"
@@ -114,6 +110,7 @@ select = [
   "C",
   "PT",
   "I",
+  "S",
   "RSE",
   "RET501",
   "RET502",
@@ -141,3 +138,4 @@ max-complexity = 10
 [tool.ruff.lint.per-file-ignores]
 "src/helpers/factories/*" = ["FBT001"]
 "src/model_hub.py" = ["F401"]
+"src/tests/*" = ["S"]

src/bot/controllers.py

@@ -150,5 +150,5 @@ async def select_from_tavern_menu(
         return NO_MENU_ITEMS_FOR_CHOSEN_DAY_MESSAGE
     food_text = food_items[0].food.title()
     if style == ChooseStyle.RANDOM:
-        food_text = random.choice(food_items).food.title()  # nosec
+        food_text = random.choice(food_items).food.title()  # noqa: S311
     return f"Order Up!\n{food_text}"