From 634e95ca75103ba43140ca9589981095ff87c6cb Mon Sep 17 00:00:00 2001
From: Eric Brown <browne@vmware.com>
Date: Tue, 1 Mar 2022 13:29:30 -0800
Subject: [PATCH] Replace pbr in favor of importlib

The importlib module has a metadata.version to retrieve the package
version of the given module. This can be used in lieu of pbr for
gathering versioning. And since importlib is part of the base
Python package in 3.8 and greater, we can drop another dependency.

Closes #839

Signed-off-by: Eric Brown <browne@vmware.com>
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
---
 bandit/__init__.py | 7 +++++--
 requirements.txt   | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/bandit/__init__.py b/bandit/__init__.py
index accd94bc..ebaaccee 100644
--- a/bandit/__init__.py
+++ b/bandit/__init__.py
@@ -2,7 +2,10 @@
 # Copyright 2014 Hewlett-Packard Development Company, L.P.
 #
 # SPDX-License-Identifier: Apache-2.0
-import pbr.version
+try:
+    from importlib import metadata
+except ImportError:
+    import importlib_metadata as metadata
 
 from bandit.core import config  # noqa
 from bandit.core import context  # noqa
@@ -16,4 +19,4 @@
 from bandit.core.issue import *  # noqa
 from bandit.core.test_properties import *  # noqa
 
-__version__ = pbr.version.VersionInfo("bandit").version_string()
+__version__ = metadata.version("bandit")
diff --git a/requirements.txt b/requirements.txt
index 99476203..f3f7b1f7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,3 +6,4 @@ PyYAML>=5.3.1 # MIT
 stevedore>=1.20.0 # Apache-2.0
 colorama>=0.3.9;platform_system=="Windows" # BSD License (3 clause)
 rich # MIT
+importlib-metadata;python_version<"3.8" # Apache-2.0