packaging: Use subprocess instead of os.popen for change log creation #3469
This is a good start. I have no idea why os.popen is here except that the code is quite dated. Works fine, it was just different Python in 2008.
…put goes to fout var.
fixed import mistake Co-authored-by: Markus Neteler <markus@neteler.org>
uses subprocess instead of os, more secure.
command changed to an array of arguments passed to subprocess.popen(args).
code simplified overall for easier understanding.
@kpolchow almost there! This PR is almost ready!
Co-authored-by: Edouard Choinière <27212526+echoix@users.noreply.github.com>
CI is still failing. I think it is formatting with black that was forgotten.
thanks for the notice, I fixed the formatting reports from flake8 and black
…ted to optionally add rev_range
fixed empty ChangeLog in PR
All issues were addressed and the change log is generated in the CI in the release draft check.
…#3469) This addresses a warning from Bandit about an injection attack risk by using subprocess.Popen instead of os.popen. --------- Co-authored-by: kpolchow <polchow.kira@gmail.com>
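The change discussed in this PR, as an added example that is not code from the PR or the project: the command is built as an argument list and run without a shell, so an optional rev_range reaches git as one argument. The function names, the log format and the sample range are assumptions; the leading-dash check goes one step beyond the discussion, because an argument list stops shell injection but not option injection.

```python
import subprocess
import sys

# Assumed log format for illustration; the project's real format is not on the page.
LOG_FORMAT = "--pretty=format:%h %ad %an%n    %s"


def build_git_log_argv(rev_range=None):
    """Return the git command as an argument list (no shell string)."""
    argv = ["git", "log", "--date=short", LOG_FORMAT]
    if rev_range is not None:
        # Without a shell, metacharacters are inert, but a leading "-" would
        # still be parsed by git as an option, so reject it explicitly.
        if not rev_range or rev_range.startswith("-"):
            raise ValueError(f"invalid revision range: {rev_range!r}")
        argv.append(rev_range)
    argv.append("--")  # anything after this is a path, never a revision or option
    return argv


def run_argv(argv):
    """Run argv directly (shell=False is the default) and return stdout."""
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout


def write_changelog(path, rev_range=None):
    """Write git log output for the optional range to path."""
    with open(path, "w", encoding="utf-8") as fout:
        fout.write(run_argv(build_git_log_argv(rev_range)))


def echo_first_arg(value):
    """Constructed demo: a child process reports the argument it received."""
    code = "import sys; sys.stdout.write(sys.argv[1])"
    return run_argv([sys.executable, "-c", code, value])


if __name__ == "__main__":
    hostile = "v1..v2; echo INJECTED"  # constructed sample input
    print(build_git_log_argv(hostile))
    print(repr(echo_first_arg(hostile)))
```

With `os.popen("git log " + rev_range)` the same sample value would be split by the shell at the `;`; here the child process receives it unchanged as a single argument.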