
Update safety check for Python dependencies

This patch:
1. Updates the `tox -e safety` command to run the Safety tool [0]
   against both the Pegleg requirements.txt and the
   doc/requirements.txt file used only when `tox -e docs` is run.
2. Updates doc/requirements.txt with pinned dependencies so that
   Safety can check those dependencies.

At the time of this patch it is expected for the non-voting Safety
gate to fail, because the Promenade version used by Pegleg requires
an insecure version of kubernetes, 3.0.0.  This version of Kubernetes
is impacted by [1] due to the urllib version being used.

[0] https://pypi.org/project/safety/
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-20060

Change-Id: I64fb4b1ae7c2814ad0ae11222bf8be531d4f40a5
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Change ref: changes/39/734839/3
Author: Alexander Hughes, 1 year ago
Parent commit: 766e53dfb4
Files changed:
  doc/requirements.txt (10 lines)
  tox.ini (2 lines)

doc/requirements.txt (10 lines changed)

@ -3,12 +3,12 @@
# process, which may cause wedges in the gate later.
# Documentation
sphinx>2.1.0
oslosphinx>=4.7.0 # Apache-2.0
sphinx_rtd_theme
sphinx==3.1.0
oslosphinx==4.18.0 # Apache-2.0
sphinx_rtd_theme==0.4.3
# UML image generation
plantuml
plantuml==0.3.0
# Releasenotes
reno>=2.5.0 # Apache-2.0
reno==3.1.0 # Apache-2.0
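Review bot: the license annotations in this hunk are inconsistent: `oslosphinx==4.18.0 # Apache-2.0` and `reno==3.1.0 # Apache-2.0` keep their license comments, while `sphinx==3.1.0`, `sphinx_rtd_theme==0.4.3` and `plantuml==0.3.0` carry none; add the matching license comment to each pinned entry so the file reads uniformly. Separately, the unchanged header comment above this hunk already warns that these packages "may cause wedges in the gate later", and switching from `sphinx>2.1.0` / `reno>=2.5.0` to exact `==` pins means every future security fix in these packages now needs a commit here; it would help to state in the commit message how the pins are expected to be refreshed (for example, bump and re-run `tox -e safety`) so the pins do not silently age into the very findings Safety is meant to surface.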

tox.ini (2 lines changed)

@ -67,7 +67,7 @@ deps =
safety
commands =
pipenv check
safety check -r {toxinidir}/doc/requirements.txt --full-report
safety check -r {toxinidir}/requirements.txt -r {toxinidir}/doc/requirements.txt --full-report
[testenv:cover]
basepython = python3
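Review bot: the new `safety check -r {toxinidir}/requirements.txt -r {toxinidir}/doc/requirements.txt --full-report` line has no `--ignore` for the kubernetes 3.0.0 / CVE-2018-20060 finding that the commit message says is expected to fail, so this env will be red on every run and any new finding in either requirements file will be buried in an already-failing non-voting gate; consider ignoring that one finding with a comment referencing the Promenade dependency, or at minimum recording the expected failure in tox.ini next to the command so the next person knows which red is "known". Also, `deps = safety` in the context above is unpinned, so the result depends on whichever Safety release and vulnerability database happens to be installed that day; pinning it, as doc/requirements.txt now pins its own entries, keeps the check reproducible.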
