chore: fix ruff lint errors, bandit suppressions, and pin pip>=26.0

Remove unused imports (ruff F401), suppress B324 false positives on spec-mandated MD5 in HASSH/JA3/JA3S fingerprinting, drop unused record_version assignment in JARM parser, and pin pip>=26.0 in dev deps to address CVE-2025-8869 and CVE-2026-1703.
2026-04-14 17:32:18 -04:00
parent d5eb60cb41
commit 2d65d74069
5 changed files with 5 additions and 7 deletions
--- a/decnet/prober/hassh.py
+++ b/decnet/prober/hassh.py
@@ -208,7 +208,7 @@ def _compute_hassh(kex: str, enc: str, mac: str, comp: str) -> str:
    Returns 32-character lowercase hex digest.
    """
    raw = f"{kex};{enc};{mac};{comp}"
-    return hashlib.md5(raw.encode("utf-8")).hexdigest()
+    return hashlib.md5(raw.encode("utf-8")).hexdigest()  # nosec B324


 # ─── Public API ─────────────────────────────────────────────────────────────
--- a/decnet/prober/jarm.py
+++ b/decnet/prober/jarm.py
@@ -297,7 +297,7 @@ def _parse_server_hello(data: bytes) -> str:
        if data[0] != _CONTENT_HANDSHAKE:
            return "|||"

-        record_version = struct.unpack_from("!H", data, 1)[0]
+        struct.unpack_from("!H", data, 1)[0]  # record_version (unused)
        record_len = struct.unpack_from("!H", data, 3)[0]
        hs = data[5: 5 + record_len]