
⚠️ CONFLICT! Lineage pull request for: skeleton #106

Merged
merged 4 commits into develop from lineage/skeleton
Nov 4, 2024

Conversation

@cisagovbot cisagovbot commented Nov 1, 2024

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/development-guide.git development-guide
    cd development-guide
    git remote add skeleton https://github.com/cisagov/skeleton-generic.git
    git remote set-url --push skeleton no_push
    git switch develop
    git switch --create lineage/skeleton --track origin/develop
    git pull skeleton HEAD
    git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/dependabot.yml 
    git commit
    git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content. It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!

  • ✌️ The conflicts in this pull request have been resolved.
  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

Add a directive for hashicorp/setup-packer that was missed when it was
added to the `build` workflow. Add a directive for
cisagov/setup-env-github-action that is not strictly necessary since we
currently just pull from the `develop` branch, but is good to have in
case we were to change that in the future.
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Nov 1, 2024
@mcdonnnj mcdonnnj requested a review from a team November 1, 2024 21:05
@mcdonnnj mcdonnnj added bug This issue or pull request addresses broken functionality dependencies Pull requests that update a dependency file labels Nov 1, 2024
@dv4harr10 (Contributor) commented

Hi @mcdonnnj Nick, one question: for file setup.py line 25, the usage of exec() raises a security concern. If it's evaluating dynamic content, it may be a code injection vulnerability. Please advise if we can ensure it's not definable by an external source. Line 25 reads `exec(f.read(), pkg_vars)  # nosec`.

@mcdonnnj (Member) commented Nov 1, 2024

> Hi @mcdonnnj Nick, one question: for file setup.py line 25, the usage of exec() raises a security concern. If it's evaluating dynamic content, it may be a code injection vulnerability. Please advise if we can ensure it's not definable by an external source. Line 25 reads `exec(f.read(), pkg_vars)  # nosec`.

Please make an issue to convert this to the same logic used in cisagov/skeleton-python-library. This is outside the scope of this pull request.

@mcdonnnj mcdonnnj marked this pull request as ready for review November 1, 2024 21:42
@mcdonnnj mcdonnnj enabled auto-merge November 1, 2024 21:42
@mcdonnnj mcdonnnj merged commit 658033e into develop Nov 4, 2024
7 checks passed
@mcdonnnj mcdonnnj deleted the lineage/skeleton branch November 4, 2024 16:41
@dv4harr10 (Contributor) commented

> > Hi @mcdonnnj Nick, one question: for file setup.py line 25, the usage of exec() raises a security concern. If it's evaluating dynamic content, it may be a code injection vulnerability. Please advise if we can ensure it's not definable by an external source. Line 25 reads `exec(f.read(), pkg_vars)  # nosec`.
>
> Please make an issue to convert this to the same logic used in cisagov/skeleton-python-library. This is outside the scope of this pull request.

@mcdonnnj Thanks, added issue #107.
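The exec() pattern raised in the comments above, shown beside a parse-only alternative. This is an added example for this thread, not code from cisagov/development-guide, cisagov/skeleton-generic or cisagov/skeleton-python-library. The exec-based reader mirrors the quoted `exec(f.read(), pkg_vars)  # nosec` line; the ast-based reader is one possible hardening and is not a claim about what skeleton-python-library actually does. The two sample version files and the `VERSION_FILE_WAS_EXECUTED` environment variable are constructed for the demonstration, and the hardened reader assumes a version file only ever needs a module docstring plus plain `NAME = <literal>` assignments.

```python
"""Reading package metadata from a version file: exec() versus a parse-only reader.

Added example for the exec() discussion in this pull request; it is not code
from cisagov/development-guide or the cisagov skeleton repositories. The
exec-based reader mirrors the pattern the comment quotes; the ast-based
reader is one possible hardening, written on the assumption that the version
file only carries a module docstring plus plain constant assignments.
"""
import ast
import os

# Environment variable the hostile sample sets; constructed for this demo.
MARKER = "VERSION_FILE_WAS_EXECUTED"

# Constructed sample: the kind of _version.py a setup.py expects to find.
GOOD_VERSION_FILE = '''"""This file defines the version of this module."""
__version__ = "1.2.3"
'''

# Constructed sample: the same assignment plus statements nobody asked for.
# Anything that can modify this file before `pip install` runs (a malicious
# change on a branch, a tampered sdist) gets to run these lines.
HOSTILE_VERSION_FILE = '''"""This file defines the version of this module."""
__version__ = "1.2.3"
import os
os.environ["VERSION_FILE_WAS_EXECUTED"] = "1"
'''


def package_vars_exec(source, wanted=("__version__",)):
    """Pattern under discussion: run the file and harvest the names it defines.

    Every statement in `source` executes with the installing user's
    privileges, so the integrity of the file is the only control. The
    `# nosec` marker only silences the scanner (bandit B102); it changes
    nothing about the risk.
    """
    pkg_vars = {}
    exec(source, pkg_vars)  # nosec - deliberately kept to show the behaviour
    return {name: pkg_vars[name] for name in wanted if name in pkg_vars}


def package_vars_ast(source, wanted=("__version__",)):
    """Parse-only alternative: extract literal assignments without executing.

    Accepts a leading module docstring and simple `NAME = <literal>`
    statements for names in `wanted`; anything else (imports, calls,
    attribute writes, assignments to other names) raises ValueError so a
    tampered file fails the build instead of running.
    """
    tree = ast.parse(source)
    found = {}
    for index, node in enumerate(tree.body):
        is_docstring = (
            index == 0
            and isinstance(node, ast.Expr)
            and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str)
        )
        if is_docstring:
            continue
        if (
            isinstance(node, ast.Assign)
            and len(node.targets) == 1
            and isinstance(node.targets[0], ast.Name)
            and node.targets[0].id in wanted
        ):
            # literal_eval only accepts literal nodes, so a call or a name on
            # the right-hand side is rejected here as well.
            found[node.targets[0].id] = ast.literal_eval(node.value)
            continue
        raise ValueError(
            f"line {node.lineno}: refusing unexpected {type(node).__name__} "
            "in version file"
        )
    missing = [name for name in wanted if name not in found]
    if missing:
        raise ValueError(f"version file does not define {missing}")
    return found


def run_demo():
    """Feed both readers the hostile sample and report what each one did."""
    os.environ.pop(MARKER, None)
    exec_result = package_vars_exec(HOSTILE_VERSION_FILE)
    exec_side_effect = os.environ.get(MARKER) == "1"
    try:
        package_vars_ast(HOSTILE_VERSION_FILE)
        ast_rejected = None
    except ValueError as err:
        ast_rejected = str(err)
    os.environ.pop(MARKER, None)
    return {
        "exec_version": exec_result["__version__"],
        "exec_side_effect": exec_side_effect,
        "ast_rejected": ast_rejected,
        "ast_good": package_vars_ast(GOOD_VERSION_FILE),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Both readers return the same version string for the well-formed file. For the hostile file the exec-based reader still returns the version but has already executed the extra statements (here a harmless environment write), while the ast-based reader refuses the file with an error naming the offending line, so a tampered version file fails the build instead of running. Passing a restricted `__builtins__` to exec() is not an equivalent fix: what the file may contain is still decided by whoever can write to it.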
