766e53dfb4
This patch:
1. Updates the `tox -e safety` command to run the Safety tool [0] against both the Pegleg requirements.txt and the doc/requirements.txt file used only when `tox -e docs` is run.
2. Updates doc/requirements.txt with pinned dependencies so that Safety can check those dependencies.

At the time of this patch it is expected for the non-voting Safety gate to fail, because the Promenade version used by Pegleg requires an insecure version of kubernetes, 3.0.0. This version of Kubernetes is impacted by [1] due to the urllib version being used.

[0] https://pypi.org/project/safety/
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-20060

Change-Id: I64fb4b1ae7c2814ad0ae11222bf8be531d4f40a5
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
15 lines
378 B
Plaintext
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.

# Documentation
sphinx==3.1.0
oslosphinx==4.18.0 # Apache-2.0
sphinx_rtd_theme==0.4.3

# UML image generation
plantuml==0.3.0

# Releasenotes
reno==3.1.0 # Apache-2.0
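
An added example, not part of the Pegleg repository: a pre-check that lists every entry in a requirements file that is not pinned with `==`, since the commit message above pins doc/requirements.txt so that Safety can check those dependencies. The function name `unpinned_requirements` and the second sample file are constructed for illustration.

```python
import re

# name, optional [extras], then == and an exact version (no wildcard, no ===).
PINNED = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?\s*==\s*[A-Za-z0-9][A-Za-z0-9.!+_-]*$"
)


def unpinned_requirements(text):
    """Return (line_number, entry) for each entry lacking an exact == pin."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # strip comments
        if not line:
            continue
        if line.startswith("-"):
            # -r/-c/-e pull in other files or sources; flag them for review.
            findings.append((number, line))
            continue
        spec = line.split(";", 1)[0].strip()  # ignore environment markers
        if not PINNED.match(spec):
            findings.append((number, line))
    return findings


# Entries as pinned in the doc/requirements.txt shown on this page.
PAGE_SAMPLE = """\
# Documentation
sphinx==3.1.0
oslosphinx==4.18.0 # Apache-2.0
sphinx_rtd_theme==0.4.3
plantuml==0.3.0
reno==3.1.0 # Apache-2.0
"""

# Constructed sample: ranges, bare names, wildcards and includes are reported.
CONSTRUCTED_SAMPLE = """\
sphinx>=1.6.2
oslosphinx==4.18.0 # Apache-2.0
sphinx_rtd_theme
plantuml==0.3.*
-r ../requirements.txt
reno==3.1.0 ; python_version >= "3.5"
"""

if __name__ == "__main__":
    for label, text in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        for number, entry in unpinned_requirements(text):
            print(f"{label}:{number}: not pinned: {entry}")
```

Running it before the scanner in a gate makes an unpinned entry fail loudly instead of passing through unchecked.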