Update safety check for Python dependencies

This patch: 1. Updates the `tox -e safety` command to run the Safety tool [0] against both the Pegleg requirements.txt and the doc/requirements.txt file used only when `tox -e docs` is run. 2. Updates doc/requirements.txt with pinned dependencies so that Safety can check those dependencies. At the time of this patch it is expected for the non-voting Safety gate to fail, because the Promenade version used by Pegleg requires an insecure version of kubernetes, 3.0.0. This version of Kubernetes is impacted by [1] due to the urllib version being used. [0] https://pypi.org/project/safety/ [1] https://nvd.nist.gov/vuln/detail/CVE-2018-20060 Change-Id: I64fb4b1ae7c2814ad0ae11222bf8be531d4f40a5 Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
2020-06-10 09:22:28 -04:00 · 2020-06-10 09:22:28 -04:00 · 766e53dfb4
commit 766e53dfb4
parent c40ffbdd8b
2 changed files with 6 additions and 6 deletions
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@ -3,12 +3,12 @@
 # process, which may cause wedges in the gate later.

 # Documentation
-sphinx>2.1.0
-oslosphinx>=4.7.0 # Apache-2.0
-sphinx_rtd_theme
+sphinx==3.1.0
+oslosphinx==4.18.0 # Apache-2.0
+sphinx_rtd_theme==0.4.3

 # UML image generation
-plantuml
+plantuml==0.3.0

 # Releasenotes
-reno>=2.5.0 # Apache-2.0
+reno==3.1.0 # Apache-2.0
--- a/tox.ini
+++ b/tox.ini
@ -67,7 +67,7 @@ deps =
  safety
 commands =
  pipenv check
-  safety check -r {toxinidir}/doc/requirements.txt --full-report
+  safety check -r {toxinidir}/requirements.txt -r {toxinidir}/doc/requirements.txt --full-report

 [testenv:cover]
 basepython = python3