011fa22c42
There's a regression[0] in bandit 1.6.0 which causes bandit to stop respecting excluded directories, and our tests throw a bunch of violations. Blacklist this version, but allow newer versions as there is already a pull request[1] to fix it, and I expect it will be included in the next release. Also fix the requirements job which was broken by https://review.opendev.org/657890 adding a cap on Sphinx on Python 2. [0] https://github.com/PyCQA/bandit/issues/488 [1] https://github.com/PyCQA/bandit/pull/489 Change-Id: Ieabcd4e8c5e5354125a63e89b9b60931c760858a
23 lines
788 B
Plaintext
23 lines
788 B
Plaintext
# The order of packages is significant, because pip processes them in the order
|
|
# of appearance. Changing the order has an impact on the overall integration
|
|
# process, which may cause wedges in the gate later.
|
|
|
|
# Hacking already pins down pep8, pyflakes and flake8
|
|
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
|
|
bandit!=1.6.0,>=1.1.0 # Apache-2.0
|
|
coverage!=4.4,>=4.0 # Apache-2.0
|
|
fixtures>=3.0.0 # Apache-2.0/BSD
|
|
kombu!=4.0.2,>=4.0.0 # BSD
|
|
mock>=2.0.0 # BSD
|
|
PyMySQL>=0.7.6 # MIT License
|
|
oslotest>=3.2.0 # Apache-2.0
|
|
psycopg2>=2.7 # LGPL/ZPL
|
|
stestr>=2.0.0 # Apache-2.0
|
|
testscenarios>=0.4 # Apache-2.0/BSD
|
|
testtools>=2.2.0 # MIT
|
|
testresources>=2.0.0 # Apache-2.0/BSD
|
|
doc8>=0.6.0 # Apache-2.0
|
|
Pygments>=2.2.0 # BSD license
|
|
# Next are used in integration tests only
|
|
tempest>=17.1.0 # Apache-2.0
|