From 2a8fa10df155f702372775064a837130e727803d Mon Sep 17 00:00:00 2001
From: Raymond Penners <raymond.penners@intenct.nl>
Date: Fri, 8 Nov 2024 11:04:56 +0100
Subject: [PATCH] chore: Fix bandit warnings

---
 allauth/headless/tokens/sessions.py                | 3 ++-
 allauth/socialaccount/providers/facebook/locale.py | 3 ++-
 allauth/socialaccount/providers/mailru/views.py    | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/allauth/headless/tokens/sessions.py b/allauth/headless/tokens/sessions.py
index 5c6d2af8e7..bdc204aee0 100644
--- a/allauth/headless/tokens/sessions.py
+++ b/allauth/headless/tokens/sessions.py
@@ -12,7 +12,8 @@ def create_session_token(self, request: HttpRequest) -> str:
         if not request.session.session_key:
             request.session.save()
         key = request.session.session_key
-        assert isinstance(key, str)  # nosec: We did save.
+        # We did save
+        assert isinstance(key, str)  # nosec
         return key
 
     def lookup_session(self, session_token: str) -> typing.Optional[SessionBase]:
diff --git a/allauth/socialaccount/providers/facebook/locale.py b/allauth/socialaccount/providers/facebook/locale.py
index 2ee0492899..c317539e4f 100644
--- a/allauth/socialaccount/providers/facebook/locale.py
+++ b/allauth/socialaccount/providers/facebook/locale.py
@@ -15,7 +15,8 @@ def _build_locale_table(filename_or_file):
     # Require the XML parser module only if we want the default mapping
     from xml.dom.minidom import parse  # nosec
 
-    dom = parse(filename_or_file)  # nosec: trusted source
+    # Trusted source
+    dom = parse(filename_or_file)  # nosec
 
     reps = dom.getElementsByTagName("representation")
     locs = map(lambda r: r.childNodes[0].data, reps)
diff --git a/allauth/socialaccount/providers/mailru/views.py b/allauth/socialaccount/providers/mailru/views.py
index 2683c700b6..c8d63a4591 100644
--- a/allauth/socialaccount/providers/mailru/views.py
+++ b/allauth/socialaccount/providers/mailru/views.py
@@ -23,9 +23,10 @@ def complete_login(self, request, app, token, **kwargs):
             "uids": uid,
         }
         param_list = sorted([item + "=" + data[item] for item in data])
+        # See: https://api.mail.ru/docs/guides/restapi/
         data["sig"] = md5(
             ("".join(param_list) + app.secret).encode("utf-8")
-        ).hexdigest()  # nosec: https://api.mail.ru/docs/guides/restapi/
+        ).hexdigest()  # nosec
         response = (
             get_adapter().get_requests_session().get(self.profile_url, params=data)
         )