91a57e56e0
There's a regression[0] in bandit 1.6.0 which causes bandit to stop respecting excluded directories, and our tests throw a bunch of violations. Blacklist this version, but allow newer versions as there is already a pull request[1] to fix it, and I expect it will be included in the next release.

[0] https://github.com/PyCQA/bandit/issues/488
[1] https://github.com/PyCQA/bandit/pull/489

For additional details, refer to ML Thread[1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Change-Id: I01b3ee75aa52b2711bacbf26690ce55a4c3f336e
27 lines
1.0 KiB
Plaintext
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
# Order matters to the pip dependency resolver, so sorting this file
# changes how packages are installed. New dependencies should be
# added in alphabetical order, however, some dependencies may need to
# be installed in a specific order.
#
# Hacking should appear first in case something else depends on pep8
hacking>=1.1.0 # Apache-2.0
#
astroid==2.1.0;python_version>='3.0' # LGPLv2.1
bandit!=1.6.0,>=1.4.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0
doc8>=0.6.0 # Apache-2.0
flake8-import-order==0.12 # LGPLv3
mock>=2.0.0 # BSD
mox3>=0.20.0 # Apache-2.0
nodeenv>=0.9.4 # BSD
python-memcached>=1.59 # PSF
pylint==2.2.2;python_version>='3.0' # GPLv2
selenium>=2.50.1 # Apache-2.0
testscenarios>=0.4 # Apache-2.0/BSD
testtools>=2.2.0 # MIT
# This also needs xvfb library installed on your OS
xvfbwrapper>=0.1.3 #license: MIT
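As an added example (not part of this repository or commit), the Python check below confirms that the `bandit!=1.6.0,>=1.4.0` line excludes the release with the regression while still admitting versions on either side of it. It assumes plain numeric versions and the six comparison operators only, not full PEP 440; the function names are hypothetical and the candidate versions used to exercise it are constructed sample values.

```python
import operator
import re

# Three lines taken from the file above, embedded so the check runs offline.
SAMPLE = """\
hacking>=1.1.0 # Apache-2.0
astroid==2.1.0;python_version>='3.0' # LGPLv2.1
bandit!=1.6.0,>=1.4.0 # Apache-2.0
"""

_OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
        "<=": operator.le, ">": operator.gt, "<": operator.lt}
_NAME = re.compile(r"^([A-Za-z0-9._-]+)\s*(.*)$")
_CLAUSE = re.compile(r"^(==|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)$")


def _key(version, width=4):
    """Turn '1.6' into (1, 6, 0, 0) so that 1.6 and 1.6.0 compare equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def parse_requirements(text):
    """Map package name -> list of (operator, version) clauses."""
    reqs = {}
    for raw in text.splitlines():
        # Drop the trailing comment, then the environment marker after ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, spec = _NAME.match(line).groups()
        clauses = []
        for part in (p.strip() for p in spec.split(",") if p.strip()):
            m = _CLAUSE.match(part)
            if m is None:
                raise ValueError("unsupported clause: %r" % part)
            clauses.append(m.groups())
        reqs[name.lower()] = clauses
    return reqs


def allows(clauses, version):
    """True only if the version satisfies every clause (they are ANDed)."""
    return all(_OPS[op](_key(version), _key(ref)) for op, ref in clauses)
```

Run against the real file in CI, `allows(parse_requirements(text)["bandit"], "1.6.0")` returning `True` would mean the exclusion has been dropped and the affected release can be installed again.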