Update safety check for Python dependencies

This patch:
1. Updates the `tox -e safety` command to run the Safety tool [0]
   against both the Pegleg requirements.txt and the
   doc/requirements.txt file used only when `tox -e docs` is run.
2. Updates doc/requirements.txt with pinned dependencies so that
   Safety can check those dependencies.

At the time of this patch it is expected for the non-voting Safety
gate to fail, because the Promenade version used by Pegleg requires
an insecure version of kubernetes, 3.0.0.  This version of Kubernetes
is impacted by [1] due to the urllib version being used.

[0] https://pypi.org/project/safety/
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-20060

Change-Id: I64fb4b1ae7c2814ad0ae11222bf8be531d4f40a5
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Alexander Hughes 2020-06-10 09:22:28 -04:00
parent c40ffbdd8b
commit 766e53dfb4
2 changed files with 6 additions and 6 deletions
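
As an added illustration of the reasoning behind point 2 of the commit message (this is not code from Pegleg or from the Safety project): a requirement written as a range or a bare name carries no concrete version, so a checker has nothing to compare against an advisory's affected range and can only report it as unpinned, whereas an `==` pin can be matched. The two requirements snippets, the `urllib3==1.22` line and the advisory table below are constructed for the example; the urllib3 range is taken from the NVD entry cited as [1], and the checker is a toy, not Safety's own parser or database.

```python
"""Toy audit showing why a Safety-style check needs exact pins."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed requirements text: the unpinned style the patch replaces ...
REQUIREMENTS_BEFORE = """\
# Documentation
sphinx>2.1.0
oslosphinx>=4.7.0  # Apache-2.0
sphinx_rtd_theme
urllib3>=1.20
"""
# ... and the pinned style it introduces (urllib3 line added for the demo).
REQUIREMENTS_AFTER = """\
# Documentation
sphinx==3.1.0
oslosphinx==4.18.0  # Apache-2.0
sphinx_rtd_theme==0.4.3
urllib3==1.22
"""

# Constructed advisory table (an assumption, not the Safety DB). The range
# for urllib3 mirrors CVE-2018-20060 as cited in the commit message.
ADVISORIES = [
    {"package": "urllib3", "vulnerable_below": "1.23", "id": "CVE-2018-20060"},
]

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")


def normalize(name: str) -> str:
    """PEP 503 name normalisation so sphinx_rtd_theme == sphinx-rtd-theme."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (name, pinned_version) for one requirements line.

    pinned_version is None for ranges (>=, >, ~=) and bare names. Comments,
    blank lines and option/URL lines (-r, -e, git+...) are skipped (None);
    the toy makes no attempt to resolve them.
    """
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-") or "://" in line:
        return None
    match = _REQ_RE.match(line)
    if not match:
        return None
    name, spec = normalize(match.group(1)), match.group(2).strip()
    if spec.startswith("==") and not spec.startswith("==="):
        return name, spec[2:].strip()
    return name, None


def version_tuple(version: str) -> Tuple[int, ...]:
    """'1.22' -> (1, 22); enough for the dotted-integer versions used here."""
    return tuple(int(part) for part in version.split("."))


def audit(requirements: str, advisories=ADVISORIES) -> Dict[str, list]:
    """Report pinned packages that fall in an advisory range, and names that
    could not be checked at all because no exact version was given."""
    report: Dict[str, List] = {"vulnerable": [], "unpinned": []}
    for raw in requirements.splitlines():
        parsed = parse_requirement(raw)
        if parsed is None:
            continue
        name, version = parsed
        if version is None:
            report["unpinned"].append(name)
            continue
        for adv in advisories:
            if normalize(adv["package"]) == name and version_tuple(
                version
            ) < version_tuple(adv["vulnerable_below"]):
                report["vulnerable"].append((name, version, adv["id"]))
    return report


if __name__ == "__main__":
    print("before:", audit(REQUIREMENTS_BEFORE))
    print("after: ", audit(REQUIREMENTS_AFTER))
```

Run against the unpinned text every package lands in `unpinned` and nothing is reported as vulnerable, which is exactly the silent miss the commit message is closing; against the pinned text the urllib3 pin is matched to the advisory. The same limitation applies to anything the listed packages pull in transitively: a pinned file that only names direct dependencies still leaves those unchecked.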


@ -3,12 +3,12 @@
# process, which may cause wedges in the gate later. # process, which may cause wedges in the gate later.
# Documentation # Documentation
sphinx>2.1.0 sphinx==3.1.0
oslosphinx>=4.7.0 # Apache-2.0 oslosphinx==4.18.0 # Apache-2.0
sphinx_rtd_theme sphinx_rtd_theme==0.4.3
# UML image generation # UML image generation
plantuml plantuml==0.3.0
# Releasenotes # Releasenotes
reno>=2.5.0 # Apache-2.0 reno==3.1.0 # Apache-2.0
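Review bot: the pins in this hunk name only the five direct documentation dependencies, so `safety check -r doc/requirements.txt` still sees nothing that sphinx, oslosphinx, reno or sphinx_rtd_theme pull in transitively, and the urllib-level problem the commit message describes is exactly the kind of indirect dependency that stays invisible. Consider generating this file from a resolved environment (pip freeze, or pip-compile from a loose input file) so the whole tree is pinned and checked, and extend the header comment (`# process, which may cause wedges in the gate later.`) to say that the exact pins exist for the Safety gate and must be bumped deliberately, since the existing text only explains the ordering constraint.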


@ -67,7 +67,7 @@ deps =
safety safety
commands = commands =
pipenv check pipenv check
safety check -r {toxinidir}/doc/requirements.txt --full-report safety check -r {toxinidir}/requirements.txt -r {toxinidir}/doc/requirements.txt --full-report
[testenv:cover] [testenv:cover]
basepython = python3 basepython = python3
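Review bot: tox executes the `commands` list in order and aborts the env at the first non-zero exit, so with `pipenv check` ahead of the new `safety check -r {toxinidir}/requirements.txt -r {toxinidir}/doc/requirements.txt --full-report` line, the kubernetes 3.0.0 failure the commit message says is expected will stop the run before the requirements-file report is ever printed (or mask the first report if it surfaces in the second command instead). Add `ignore_errors = True` to this testenv so both reports always appear in the non-voting gate, and once the Promenade bump lands, prefer an explicit, commented `--ignore` for the known id over leaving the gate permanently red, otherwise new findings in either file will go unnoticed.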