Describe the bug
When running in pre-commit, a wrong URL pointing to the documentation is generated. This seems to be due to some bug in the environment that no longer allows the version of bandit to be read somehow.
Reproduction steps
Have some code that causes an issue, e.g.:
```python
import sqlite3
table_name: str = "test"
schema: str = "uuid TEXT"
with sqlite3.connect("my.db") as conn:
    cur: sqlite3.Cursor = conn.cursor()
    cur.execute(f"CREATE TABLE IF NOT EXISTS {table_name} ({schema})")
    cur.close()
```
Run bandit on the code:
```
$ bandit --version && bandit test.py
bandit 1.7.10
python version = 3.11.2 (main, Sep 14 2024, 03:00:30) [GCC 12.2.0]
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.11.2
Run started:2024-11-18 12:03:24.263167
Test results:
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b608_hardcoded_sql_expressions.html
   Location: ./test.py:6:4
5       cur: sqlite3.Cursor = conn.cursor()
6       cur.execute(f"CREATE TABLE IF NOT EXISTS {table_name} ({schema})")
7       cur.close()
--------------------------------------------------
Code scanned:
        Total lines of code: 7
        Total lines skipped (#nosec): 0
Run metrics:
        Total issues (by severity):
                Undefined: 0
                Low: 0
                Medium: 1
                High: 0
        Total issues (by confidence):
                Undefined: 0
                Low: 1
                Medium: 0
                High: 0
Files skipped (0):
```
Run the same code in pre-commit using the following .pre-commit-config.yaml
```
$ pre-commit run bandit --file test.py
bandit...................................................................Failed
- hook id: bandit
- exit code: 1
[main] INFO profile include tests: None
[main] INFO profile exclude tests: B404,B603
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO using config: pyproject.toml
[main] INFO running on Python 3.11.2
Run started:2024-11-18 11:40:13.841442
Test results:
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/0.0.0/plugins/b608_hardcoded_sql_expressions.html
   Location: ./test.py:6:4
5       cur: sqlite3.Cursor = conn.cursor()
6       cur.execute(f"CREATE TABLE IF NOT EXISTS {table_name} ({schema})")
7       cur.close()
--------------------------------------------------
Code scanned:
        Total lines of code: 7
        Total lines skipped (#nosec): 0
Run metrics:
        Total issues (by severity):
                Undefined: 0
                Low: 0
                Medium: 1
                High: 0
        Total issues (by confidence):
                Undefined: 0
                Low: 1
                Medium: 0
                High: 0
Files skipped (0):
```
Expected behavior
More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b608_hardcoded_sql_expressions.html
instead of
More Info: https://bandit.readthedocs.io/en/0.0.0/plugins/b608_hardcoded_sql_expressions.html
Bandit version
1.7.10 (Default)
Python version
3.11
Additional context
Debian 12.8, kernel 6.1.0-27, but I assume that should be irrelevant.
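Added here as an editor's example, not part of the issue or of bandit itself: a small checker that parses a bandit text report and flags More Info links whose version segment is the 0.0.0 fallback or disagrees with the version bandit reports, which is what a CI job would need to catch the behaviour described above. The two embedded sample reports are constructed from the runs shown in this issue, trimmed to the relevant lines.

```python
"""Flag bandit 'More Info' links whose docs version is bogus (0.0.0) or
does not match the bandit version that produced the report."""
import re
from dataclasses import dataclass

# Constructed samples: the direct run and the pre-commit run from the issue.
DIRECT_RUN = """\
bandit 1.7.10
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b608_hardcoded_sql_expressions.html
   Location: ./test.py:6:4
"""
PRECOMMIT_RUN = """\
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   More Info: https://bandit.readthedocs.io/en/0.0.0/plugins/b608_hardcoded_sql_expressions.html
   Location: ./test.py:6:4
"""

ISSUE_RE = re.compile(r">> Issue: \[(?P<tid>B\d+):\w+\]")
MORE_INFO_RE = re.compile(
    r"More Info: (?P<url>https://bandit\.readthedocs\.io/en/(?P<ver>[^/]+)/\S+)")
VERSION_RE = re.compile(r"^bandit (?P<ver>\d+\.\d+\.\d+)", re.M)


@dataclass
class Finding:
    test_id: str
    url: str
    url_version: str  # the "/en/<version>/" segment of the docs link


def parse_findings(report: str) -> list[Finding]:
    """Pair each '>> Issue:' header with the 'More Info' line that follows it."""
    findings, current = [], None
    for line in report.splitlines():
        if m := ISSUE_RE.search(line):
            current = m.group("tid")
        elif current and (m := MORE_INFO_RE.search(line)):
            findings.append(Finding(current, m.group("url"), m.group("ver")))
            current = None
    return findings


def bad_doc_links(report: str, expected_version: str = "") -> list[str]:
    """URLs pointing at 0.0.0, or at a version other than expected_version
    (taken from a leading 'bandit X.Y.Z' line when not given explicitly)."""
    if not expected_version and (m := VERSION_RE.search(report)):
        expected_version = m.group("ver")
    return [f.url for f in parse_findings(report)
            if f.url_version == "0.0.0"
            or (expected_version and f.url_version != expected_version)]
```

Passing the output of `bandit --version` as `expected_version` lets the check run against a report that lacks the version banner, as the pre-commit output does.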