0554ee1d47
Bandit 1.6.0 changes the behavior of the '-x' option so that it now supports glob patterns. Update our tox file to use to correctly exclude test code from bandit scans. This requires bumping our minimum bandit version.

For additional details, refer to ML Thread[1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Change-Id: I0b61934067bfb69ed3375f14bb1e05c9eeb694ad
25 lines
867 B
Plaintext
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.

# Install bounded pep8/pyflakes first, then let flake8 install
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0

coverage!=4.4,>=4.0 # Apache-2.0
ddt>=1.2.1 # MIT
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
os-api-ref>=1.4.0 # Apache-2.0
oslotest>=3.2.0 # Apache-2.0
PyMySQL>=0.7.6 # MIT License
psycopg2>=2.7 # LGPL/ZPL
testtools>=2.2.0 # MIT
testresources>=2.0.0 # Apache-2.0/BSD
testscenarios>=0.4 # Apache-2.0/BSD
oslo.versionedobjects[fixtures]>=1.31.2 # Apache-2.0
tempest>=17.1.0 # Apache-2.0
# bandit is not included in upper-constraints,
# so we need to pin it here to a known working version
bandit==1.6.0 # Apache-2.0
reno>=2.5.0 # Apache-2.0