fix(#365): fix coordinator CI bandit config and pip upgrade

Three fixes for the coordinator pipeline:

1. Use bandit.yaml config file (-c bandit.yaml) so global skips
   and exclude_dirs are respected in CI.
2. Upgrade pip to >=25.3 in the install step so pip-audit doesn't
   fail on the stale pip 24.0 bundled with python:3.11-slim.
3. Clean up nosec inline comments to bare "# nosec BXXX" format,
   moving explanations to a separate comment line above. This
   prevents bandit from misinterpreting trailing text as test IDs.

Fixes #365

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jason Woltje
2026-02-12 16:05:07 -06:00
parent a269f4b0ee
commit 111a41c7ca
3 changed files with 6 additions and 3 deletions

@@ -139,7 +139,8 @@ class TelemetryService:
if self._tracer is None:
# Initialize if not already done
self.initialize()
assert self._tracer is not None # nosec B101 — Type narrowing after None guard
# Type narrowing after None guard
assert self._tracer is not None # nosec B101
return self._tracer
def shutdown(self) -> None:
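Review bot: the guard on the returned tracer is still an `assert` (`assert self._tracer is not None  # nosec B101`), which is stripped when Python runs with `-O`, so if `self.initialize()` leaves `_tracer` unset the method returns None silently instead of failing. An explicit `if self._tracer is None: raise RuntimeError(...)` after `self.initialize()` narrows the type for the checker just as well and makes both the B101 suppression and the separate explanatory comment unnecessary.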