
Replace pylint with ruff #18649

Closed

Conversation

@wallentx (Contributor) commented Sep 28, 2024

🌐 Breaking News 📰 Special Press Conference

[image: dumple-skump] LIVE BROADCAST FROM THE MEN'S WAREHOUSE

This PR is going to make code great again, folks. A lotta hard work went into this, I'll tell you. A lot of concepts of hard work in here... and... You ever hear about Ruff?

Let me tell you, Ruff is absolutely tremendous, believe me. It's very, very fast, and I know fast, it's the fastest, actually, and the best, most efficient linter like you've never seen. Not like that horrible pylint, which is slow and outdated. Compared to pylint, Ruff is like a rocket ship. And not one of those loser ships that blows up and wastes all of that beautiful fuel.

Millions and millions of Developers everywhere are saying it's saving them so much time, making their code cleaner and better than ever before. And I know them all very well, and I trust them. Ask anyone. They all say that all the code now is dirty because of pylint. It's never been worse. It's a failing project, run by bums and perverts! That's what they say. I didn't say it, but that's what they said... so, who knows. Ruff is winning bigly in the world of code linting. Nobody does it better, and that's a fact.

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| pypi/aiohappyeyeballs@2.4.2 | network | 0 | 87.4 kB | bdraco |
| pypi/attrs@24.2.0 | environment, eval, filesystem, shell, unsafe | 0 | 1.47 MB | hynek |
| pypi/bitarray@2.9.2 | eval, filesystem, unsafe | 0 | 1.31 MB | ilanschnell |
| pypi/botocore@1.34.162 | None | 0 | 0 B | |
| pypi/certifi@2024.8.30 | filesystem | 0 | 313 kB | Lukasa |
| pypi/cffi@1.17.1 | None | 0 | 0 B | |
| pypi/charset-normalizer@3.3.2 | environment, eval, filesystem | 0 | 762 kB | Ousret |
| pypi/distlib@0.3.8 | environment, eval, filesystem, network, shell, unsafe | 0 | 1.65 MB | vsajip |
| pypi/exceptiongroup@1.2.2 | environment, eval, shell | 0 | 131 kB | |
| pypi/identify@2.6.1 | environment, filesystem | 0 | 373 kB | asottile, ckuehl |
| pypi/idna@3.10 | filesystem, network | 0 | 1.14 MB | kjd |
| pypi/jaraco-classes@3.4.0 | environment | 0 | 30.2 kB | jaraco |
| pypi/jaraco-context@6.0.1 | None | 0 | 0 B | |
| pypi/jaraco-functools@4.1.0 | environment, eval | 0 | 53.5 kB | jaraco |
| pypi/markupsafe@2.1.5 | environment, unsafe | 0 | 143 kB | |
| pypi/more-itertools@10.5.0 | eval, filesystem, unsafe | 0 | 589 kB | bbayles, erikrose |
| pypi/multidict@6.1.0 | None | 0 | 0 B | |
| pypi/nodeenv@1.9.0 | environment, filesystem, network, shell | 0 | 316 kB | evkalinin |
| pypi/pathspec@0.12.1 | filesystem | 0 | 217 kB | cpburnz |
| pypi/pefile@2024.8.26 | environment, filesystem, network | 0 | 353 kB | ero |
| pypi/platformdirs@4.3.6 | None | 0 | 0 B | |
| pypi/portalocker@2.10.1 | filesystem, shell | 0 | 136 kB | wolph |
| pypi/pycparser@2.22 | environment, eval, filesystem, shell, unsafe | 0 | 889 kB | eliben |
| pypi/pygments@2.18.0 | environment, eval, filesystem, network, shell, unsafe | 0 | 44.1 MB | Anteru, gbrandl, mitsuhiko |
| pypi/pyinstaller-hooks-contrib@2024.8 | environment, eval, filesystem | 0 | 622 kB | Legorooj, bjones, htgoebel, ...1 more |
| pypi/pyproject-hooks@1.1.0 | environment, filesystem, shell | 0 | 30.5 kB | pradyunsg, takowl |
| pypi/python-dateutil@2.9.0 | environment, eval, filesystem, shell, unsafe | 0 | 1.08 MB | dateutilbot, jarondl, pganssle, ...1 more |
| pypi/ruff@0.6.8 | None | 0 | 0 B | |
| pypi/s3transfer@0.10.2 | environment, filesystem, network | 0 | 784 kB | aws |
| pypi/sniffio@1.3.1 | None | 0 | 55.6 kB | |
| pypi/tokenize-rt@6.0.0 | filesystem | 0 | 20.1 kB | asottile |
| pypi/urllib3@1.26.20 | environment, eval, filesystem, network, unsafe | 0 | 1.19 MB | SethMichaelLarson, shazow |
| pypi/urllib3@2.2.3 | None | 0 | 0 B | |
| pypi/virtualenv@20.26.5 | environment, eval, filesystem, network, shell | 0 | 9.96 MB | gaborbernat, pf_moore |
| pypi/wheel@0.44.0 | environment, eval, filesystem, shell, unsafe | 0 | 464 kB | agronholm, joeforker, natefoo |
| pypi/yarl@1.13.1 | None | 0 | 0 B | |
| pypi/zipp@3.20.2 | eval, filesystem, unsafe | 0 | 73.3 kB | jaraco |

🚮 Removed packages: pypi/aiohappyeyeballs@2.3.5, pypi/astroid@3.2.4, pypi/attrs@23.1.0, pypi/bitarray@2.8.2, pypi/botocore@1.34.143, pypi/certifi@2024.7.4, pypi/cffi@1.16.0, pypi/charset-normalizer@3.3.0, pypi/dill@0.3.7, pypi/distlib@0.3.7, pypi/exceptiongroup@1.1.3, pypi/identify@2.5.30, pypi/idna@3.7, pypi/jaraco-classes@3.3.0, pypi/jaraco-context@5.3.0, pypi/jaraco-functools@4.0.1, pypi/markupsafe@2.1.3, pypi/more-itertools@10.1.0, pypi/multidict@6.0.5, pypi/nodeenv@1.8.0, pypi/pathspec@0.11.2, pypi/pefile@2023.2.7, pypi/platformdirs@3.11.0, pypi/portalocker@2.8.2, pypi/pycparser@2.21, pypi/pygments@2.16.1, pypi/pyinstaller-hooks-contrib@2024.7, pypi/pylint@3.2.6, pypi/pylint@3.3.1, pypi/pyproject-hooks@1.0.0, pypi/python-dateutil@2.8.2, pypi/s3transfer@0.10.1, pypi/sniffio@1.3.0, pypi/tokenize-rt@5.2.0, pypi/tomlkit@0.12.1, pypi/urllib3@1.26.19, pypi/urllib3@2.2.2, pypi/virtualenv@20.24.5, pypi/wheel@0.41.2, pypi/yarl@1.9.4, pypi/zipp@3.19.1


🚨 Potential security issues detected.

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Confidence | Severity | CI |
|---|---|---|---|---|---|
| AI-detected potential code anomaly | pypi/pycparser@2.22 | The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code. | 0.80 | 0.70 | 🚫 |
| AI-detected potential code anomaly | pypi/pygments@2.18.0 | The code appears to be intended for automation in updating a function list. However, it involves risky behaviors such as unsanitized writing into the source code from external content, which could lead to a supply chain attack if the source data is compromised. | 0.80 | 0.60 | 🚫 |
| AI-detected potential code anomaly | pypi/s3transfer@0.10.2 | The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code. | 0.80 | 0.70 | 🚫 |
| AI-detected potential code anomaly | pypi/tokenize-rt@6.0.0 | The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code. | 0.80 | 0.70 | 🚫 |
| AI-detected potential code anomaly | pypi/urllib3@1.26.20 | The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code. | 0.80 | 0.70 | 🚫 |
| AI-detected potential code anomaly | pypi/zipp@3.20.2 | The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code. | 0.80 | 0.70 | 🚫 |


Next steps

What is an AI-detected potential code anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space-separated list of ecosystem/package-name@version specifiers, e.g. @SocketSecurity ignore npm/foo@1.0.0, or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore pypi/pycparser@2.22
  • @SocketSecurity ignore pypi/pygments@2.18.0
  • @SocketSecurity ignore pypi/s3transfer@0.10.2
  • @SocketSecurity ignore pypi/tokenize-rt@6.0.0
  • @SocketSecurity ignore pypi/urllib3@1.26.20
  • @SocketSecurity ignore pypi/zipp@3.20.2
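Every alert in the report above rests on the same weak signal, the presence of an `eval` call somewhere in the package source, and Socket's own guidance is to read the linked source before accepting the risk. The script below is an added example of how a reviewer can do that quickly for an unpacked sdist or wheel; it is not Socket's scanner and not code from the chia-blockchain repository. It parses each `.py` file with the standard-library `ast` module, lists calls to dynamic-code and process-spawning functions, and separates calls whose argument is a literal (`eval("(1, 2, 3)")`, which is how several packages build a version tuple) from calls whose argument is computed at runtime. The `DYNAMIC_CODE` and `PROCESS_SPAWN` name lists are an assumption, a starting point rather than a complete definition of "dangerous", and the `SAMPLES` package is constructed for the demonstration.

```python
"""Triage helper for "presence of eval" dependency alerts.

Walks a directory of Python sources, parses each file with ``ast`` and reports
calls that run dynamic code or spawn processes.  A call whose first argument is
a literal is usually benign; one whose argument is computed is the one to read.

Added example for this discussion; not Socket's scanner and not chia-blockchain
code.  The name lists are an assumption, not a complete definition of "risky".
"""
from __future__ import annotations

import ast
import os
import tempfile
from dataclasses import dataclass

DYNAMIC_CODE = {"eval", "exec", "compile", "__import__"}
PROCESS_SPAWN = {
    "os.system", "os.popen", "subprocess.run", "subprocess.Popen",
    "subprocess.call", "subprocess.check_call", "subprocess.check_output",
}


@dataclass
class Finding:
    path: str          # file, relative to the scanned root
    line: int
    callee: str        # e.g. "eval" or "subprocess.run"
    literal_arg: bool  # True when the first argument is a plain literal


def _callee_name(call: ast.Call) -> str | None:
    """'eval' or 'os.system' style name for a call; None for computed callees."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None  # e.g. getattr(os, "system")("id"): a known blind spot


def _is_literal(node: ast.AST | None) -> bool:
    """A constant, or a list/tuple made only of constants."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, (ast.List, ast.Tuple)):
        return all(_is_literal(elt) for elt in node.elts)
    return False


def scan_source(src: str, path: str = "<string>") -> list[Finding]:
    """Report dynamic-code and process-spawn calls in one Python source."""
    try:
        tree = ast.parse(src, filename=path)
    except SyntaxError:
        return []  # not Python 3 (e.g. a Python 2 test fixture); skip it
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _callee_name(node)
            if name in DYNAMIC_CODE or name in PROCESS_SPAWN:
                first = node.args[0] if node.args else None
                findings.append(Finding(path, node.lineno, name, _is_literal(first)))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Scan every .py file under root; paths are reported relative to root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".py"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                findings.extend(scan_source(fh.read(), rel))
    return sorted(findings, key=lambda f: (f.path, f.line))


def triage(findings: list[Finding]) -> tuple[list[Finding], list[Finding]]:
    """Split findings into (needs a human read, probably benign)."""
    review = [f for f in findings if not f.literal_arg]
    benign = [f for f in findings if f.literal_arg]
    return review, benign


# Constructed sample package; not taken from any real distribution.
SAMPLES = {
    "pkg/version.py": "VERSION = eval('(1, 2, 3)')\n",
    "pkg/plugin.py": "def load(spec):\n    return eval(spec)\n",
    "pkg/build.py": "import subprocess\nsubprocess.run(['git', 'describe'])\n",
    "pkg/py2_fixture.py": "print 'hello'\n",
}


def scan_samples() -> list[Finding]:
    """Write SAMPLES to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, src in SAMPLES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(src)
        return scan_tree(root)


if __name__ == "__main__":
    review, benign = triage(scan_samples())
    for f in review:
        print(f"READ   {f.path}:{f.line}  {f.callee}(<computed>)")
    for f in benign:
        print(f"benign {f.path}:{f.line}  {f.callee}(<literal>)")
```

Point it at a directory produced by `pip download --no-binary :all: <pkg>` followed by `tar xf`, and read the "READ" lines first. The split is a triage aid, not proof of absence: a callee reached through `getattr`, a string-built name, or a call inside a `setup.py` that only runs at install time is not classified by the name match, so a package with no findings still deserves a look at its build and install hooks.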

@Quexington (Contributor)

For reference, here's a breakdown of the pylint <-> ruff parity: astral-sh/ruff#970

@Quexington (Contributor) commented Sep 30, 2024

The biggest difference, it seems to me, between this and pylint off the bat is that it does not have type inference or multi-file analysis.

@wallentx (Contributor, Author)

Yep, I figured that this might not provide 1:1 functionality with what pylint provides, but I wasn't sure what was absent until I just attempted to implement it. I also wasn't sure if 1:1 parity was essential, or if there were just a few rules that were nice to have, that you could do without, or could handle with something similar.
https://github.com/Chia-Network/chia-blockchain/pull/18649/files#diff-50c86b7ed8ac2cf95bd48334961bf0530cdc77b5a56f852c5c61b89d735fd711R184-R196

> The biggest difference it seems to me between this and pylint off the bat is that it does not have type inference or multi file analysis

Good find on ruff#290, and good to know there's some missing baseline functionality that makes this a non-starter. It does look like they have a specific label to track those 2 things - https://github.com/astral-sh/ruff/issues?q=sort%3Aupdated-desc+is%3Aopen+label%3Ared-knot

Also, this fellow's script looks like it might be of use some day in the future: https://gist.github.com/pcorpet/e776a8e794264b818c9cc6d06c11ef15

I'm not sure how far out things are from this being feature-ready to investigate using, so let me know if it's worth it to keep this in a draft state as a reminder, or a thing to poke at occasionally, else I can just close this for now. Let's be honest, this was just an excuse to submit a PR from a branch named with emojis.

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added the merge_conflict Branch has conflicts that prevent merge to main label Sep 30, 2024
@Quexington (Contributor)

I'm not saying those two things are deal breakers, I'm just adding documentation. I personally dislike pylint's type inference because I don't think it's very good and we have mypy checking the stuff better. Not sure about multi-file checking, but I (personally) have been an advocate for just deleting pylint altogether because I don't feel like it gives very helpful errors and often gives errors that don't seem to matter.

@Quexington (Contributor)

Also @wallentx did you intend to also remove the pylint check at the same time?

@wallentx (Contributor, Author)

> Also @wallentx did you intend to also remove the pylint check at the same time?

I think my nature just led me to that by default. Romantics are wary of broken hearts, and breaking them, and know better than to scatter their affections.

@wallentx (Contributor, Author)

Hey, it's Mike.
Listen, I’ve been waiting on this pull request, but I’m getting a bad feeling...

Yeah, two plus two aren't adding up, if you catch my drift.
Well, the whole thing stinks, and you know..
Yeah, I'd bet you a pallet of pillows You-Know-Who is behind it.
Dominion!
Yeah, I know, I know..
I know that! But trust me—I've seen this before. We’re not taking any chances.

I'm not taking any chances... I can't afford it.
Hey- gotta go.
Closing it down now.
Mmkay, God bless, bye.

@wallentx wallentx closed this Oct 25, 2024
Labels
merge_conflict Branch has conflicts that prevent merge to main

2 participants