[stable-only] Cap bandit and fix constraints
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. With the introduction of the new dependency resolver in 20.3 pip the lower-constraints job starts to fail as now the constraints are working as they should. Multiple fixes needed: * lower-constraints job uses the [testenv]install_command, so it gives both the upper-constraints and lower-constraints, which causes the job to fail. As an easy fix install_command is added to this target without the upper constraints. * duplicate stestr constraint removed * cryptography lower constraint is bumped as with version 2.1 the new resolver of pip takes hours to install the packages * contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too * lower-constraints test job failed with error message: "[..] unexpected keyword argument 'barbican_endpoint_type'" which is due to old version of castellan. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] https://github.com/PyCQA/bandit/pull/615 [3] https://github.com/PyCQA/bandit/issues/663 [4] https://github.com/PyCQA/bandit/issues/665 Change-Id: I4b33c2544c911bd68ed8af4c754c9f5dc0c93be8
This commit is contained in:
parent
4f69886531
commit
43997de7bd
|
@ -7,7 +7,7 @@ astroid==1.3.8
|
||||||
Babel==2.3.4
|
Babel==2.3.4
|
||||||
bandit==1.1.0
|
bandit==1.1.0
|
||||||
cachetools==2.0.1
|
cachetools==2.0.1
|
||||||
castellan==0.16.0
|
castellan==0.18.0
|
||||||
certifi==2018.1.18
|
certifi==2018.1.18
|
||||||
cffi==1.11.5
|
cffi==1.11.5
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
|
@ -15,7 +15,7 @@ cliff==2.11.0
|
||||||
cmd2==0.8.1
|
cmd2==0.8.1
|
||||||
contextlib2==0.5.5
|
contextlib2==0.5.5
|
||||||
coverage==4.0
|
coverage==4.0
|
||||||
cryptography==2.1
|
cryptography==2.1.4
|
||||||
debtcollector==1.2.0
|
debtcollector==1.2.0
|
||||||
decorator==4.2.1
|
decorator==4.2.1
|
||||||
deprecation==2.0
|
deprecation==2.0
|
||||||
|
@ -27,13 +27,13 @@ eventlet==0.18.2
|
||||||
extras==1.0.0
|
extras==1.0.0
|
||||||
fasteners==0.14.1
|
fasteners==0.14.1
|
||||||
fixtures==3.0.0
|
fixtures==3.0.0
|
||||||
flake8==2.5.5
|
flake8==2.6.0
|
||||||
future==0.16.0
|
future==0.16.0
|
||||||
futurist==1.6.0
|
futurist==1.6.0
|
||||||
gitdb2==2.0.3
|
gitdb2==2.0.3
|
||||||
GitPython==2.1.8
|
GitPython==2.1.8
|
||||||
greenlet==0.4.13
|
greenlet==0.4.13
|
||||||
hacking==0.12.0
|
hacking==1.1.0
|
||||||
idna==2.6
|
idna==2.6
|
||||||
imagesize==1.0.0
|
imagesize==1.0.0
|
||||||
iso8601==0.1.12
|
iso8601==0.1.12
|
||||||
|
@ -100,7 +100,7 @@ pyinotify==0.9.6
|
||||||
pylint==1.4.5
|
pylint==1.4.5
|
||||||
PyMySQL==0.7.6
|
PyMySQL==0.7.6
|
||||||
pyOpenSSL==17.5.0
|
pyOpenSSL==17.5.0
|
||||||
pyparsing==2.2.0
|
pyparsing==2.4.2
|
||||||
pyperclip==1.6.0
|
pyperclip==1.6.0
|
||||||
python-barbicanclient==4.6.0
|
python-barbicanclient==4.6.0
|
||||||
python-congressclient==1.9.0
|
python-congressclient==1.9.0
|
||||||
|
@ -135,7 +135,6 @@ sqlalchemy-migrate==0.11.0
|
||||||
SQLAlchemy==1.0.10
|
SQLAlchemy==1.0.10
|
||||||
sqlparse==0.2.4
|
sqlparse==0.2.4
|
||||||
statsd==3.2.2
|
statsd==3.2.2
|
||||||
stestr==2.0.0
|
|
||||||
stevedore==1.20.0
|
stevedore==1.20.0
|
||||||
Tempita==0.5.2
|
Tempita==0.5.2
|
||||||
tenacity==4.4.0
|
tenacity==4.4.0
|
||||||
|
|
|
@ -22,7 +22,7 @@ keystonemiddleware>=4.17.0 # Apache-2.0
|
||||||
testtools>=2.2.0 # MIT
|
testtools>=2.2.0 # MIT
|
||||||
yaql>=1.1.3 # Apache 2.0 License
|
yaql>=1.1.3 # Apache 2.0 License
|
||||||
debtcollector>=1.2.0 # Apache-2.0
|
debtcollector>=1.2.0 # Apache-2.0
|
||||||
cryptography>=2.1 # BSD/Apache-2.0
|
cryptography>=2.1.4 # BSD/Apache-2.0
|
||||||
|
|
||||||
# For paste.util.template used in keystone.common.template
|
# For paste.util.template used in keystone.common.template
|
||||||
Paste>=2.0.2 # MIT
|
Paste>=2.0.2 # MIT
|
||||||
|
@ -48,4 +48,4 @@ oslo.i18n>=3.15.3 # Apache-2.0
|
||||||
oslo.log>=3.36.0 # Apache-2.0
|
oslo.log>=3.36.0 # Apache-2.0
|
||||||
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
||||||
semantic-version>=2.8.2 # BSD
|
semantic-version>=2.8.2 # BSD
|
||||||
castellan>=0.16.0 # Apache-2.0
|
castellan>=0.18.0 # Apache-2.0
|
||||||
|
|
|
@ -18,7 +18,7 @@ pycodestyle>=2.0.0 # MIT License
|
||||||
requests>=2.14.2 # Apache-2.0
|
requests>=2.14.2 # Apache-2.0
|
||||||
stestr>=1.0.0 # Apache-2.0
|
stestr>=1.0.0 # Apache-2.0
|
||||||
murano-pkg-check>=0.3.0 # Apache-2.0
|
murano-pkg-check>=0.3.0 # Apache-2.0
|
||||||
bandit>=1.1.0,!=1.6.0 # Apache-2.0
|
bandit>=1.1.0,!=1.6.0,<=1.6.2 # Apache-2.0
|
||||||
|
|
||||||
# Some of the tests use real MySQL and Postgres databases
|
# Some of the tests use real MySQL and Postgres databases
|
||||||
PyMySQL>=0.7.6 # MIT License
|
PyMySQL>=0.7.6 # MIT License
|
||||||
|
|
1
tox.ini
1
tox.ini
|
@ -133,6 +133,7 @@ commands = bindep test
|
||||||
usedevelop = False
|
usedevelop = False
|
||||||
|
|
||||||
[testenv:lower-constraints]
|
[testenv:lower-constraints]
|
||||||
|
install_command = pip install {opts} {packages}
|
||||||
basepython = python3
|
basepython = python3
|
||||||
deps =
|
deps =
|
||||||
-c{toxinidir}/lower-constraints.txt
|
-c{toxinidir}/lower-constraints.txt
|
||||||
|
|
Loading…
Reference in New Issue