ticket,summary,type,release,owner,status,created,modified,_description,_reporter
14206,Static analysis updates,defect,,Jun Omae,new,2023-02-28T10:52:45+01:00,2023-02-28T10:52:45+01:00,"Autopep8 mostly adjusts indentation. Manual addition of some docstrings, a classifier and a modest increase to the version number. 

Two issues which I want to highlight:
1. Typo in source:tracdbftsplugin/trunk/tracdbfts/api.py
{{{#!python lineno=533 marks=534
            cursor.execute(""DROP TRIGGER IF EXISTS dbfts_insert"")
            cursor.execute(""DROP TRIGGER IF EXISTS dbfts_insert"")
            cursor.execute(""DROP TRIGGER IF EXISTS dbfts_delete"")
}}}
1. [pypi:Bandit] speaks of [https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5 insecure hash function use] also in api.py, and perhaps you can suggest an alternative?
{{{#!python lineno=602 marks=611
def _build_hash(*values):
    def to_b(value):
        if isinstance(value, _inttypes):
            return b'%d' % value
        if isinstance(value, bytes):
            return value
        if isinstance(value, unicode):
            return value.encode('utf-8')
        raise ValueError('Unrecognized value %r' % type(value))
    d = hashlib.sha1()
    d.update(b'\0'.join(to_b(value) for value in values))
    return base64.b64encode(d.digest()).rstrip(b'=')
}}}
",figaro