From 981157d09febcf92576ce3701af8b5f1d8a4b2f0 Mon Sep 17 00:00:00 2001
From: Michael Johnson
Date: Mon, 7 Dec 2020 11:18:34 -0800
Subject: [PATCH] Cap bandit for stein and bump lower-constraints

The bandit package no longer supports python 2.7 in the latest version. This patch caps the version of bandit to < 1.6.3. Then we cannot allow >=1.6.3 as it requires a newer version of pyyaml than the stein upper-constraints will allow. Update tox config for new bandit release.

Change-Id: Iee2cdc7c149eedb3d62007e4815b3b94c1b0c49e
---
 lower-constraints.txt | 16 ++++++++--------
 requirements.txt | 5 +++--
 test-requirements.txt | 4 ++--
 tox.ini | 4 ++--
 4 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/lower-constraints.txt b/lower-constraints.txt
index 5bd71d4038..717adb94b7 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -3,10 +3,10 @@ alembic==0.8.10
 amqp==2.2.2
 appdirs==1.4.3
 asn1crypto==0.24.0
-astroid==1.3.8
+astroid==1.6.0
 automaton==1.14.0
 Babel==2.3.4
-bandit==1.4.0
+bandit==1.1.0
 bcrypt==3.1.4
 beautifulsoup4==4.6.0
 cachetools==2.0.1
@@ -34,7 +34,7 @@ eventlet==0.20.0
 extras==1.0.0
 fasteners==0.14.1
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.2
 flake8-import-order==0.12
 Flask==0.10
 future==0.16.0
@@ -44,7 +44,7 @@ gitdb2==2.0.3
 GitPython==2.1.8
 greenlet==0.4.13
 gunicorn==19.0.0
-hacking==0.12.0
+hacking==1.1.0
 idna==2.6
 imagesize==1.0.0
 ipaddress==1.0.17
@@ -62,7 +62,7 @@ linecache2==1.0.0
 logilab-common==1.4.1
 logutils==0.3.5
 Mako==1.0.7
-MarkupSafe==1.0
+MarkupSafe==1.1.0
 mccabe==0.4.0
 mock==2.0.0
 monotonic==1.4
@@ -88,7 +88,7 @@ oslo.messaging==6.3.0
 oslo.middleware==3.31.0
 oslo.policy==1.30.0
 oslo.reports==1.18.0
-oslo.serialization==2.18.0
+oslo.serialization==2.28.1
 oslo.service==1.30.0
 oslo.upgradecheck==0.1.0
 oslo.utils==3.33.0
@@ -107,7 +107,7 @@ psutil==5.4.3
 pyasn1==0.1.8
 pyasn1-modules==0.0.6
 pycadf==2.7.0
-pycodestyle==2.3.1
+pycodestyle==2.0.0
 pycparser==2.18
 pydot==1.2.4
 pyflakes==1.0.0
@@ -166,7 +166,7 @@ urllib3==1.22
 vine==1.1.4
 voluptuous==0.11.1
 waitress==1.1.0
-warlock==1.3.0
+warlock==1.3.1
 WebOb==1.7.1
 WebTest==2.0.29
 Werkzeug==0.14.1
diff --git a/requirements.txt b/requirements.txt
index c08fbdb97c..a76589e800 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ oslo.messaging>=6.3.0 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
 oslo.policy>=1.30.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
-oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
+oslo.serialization>=2.28.1 # Apache-2.0
 oslo.upgradecheck>=0.1.0 # Apache-2.0
 oslo.utils>=3.33.0 # Apache-2.0
 pyasn1!=0.2.3,>=0.1.8 # BSD
@@ -38,7 +38,8 @@ pyOpenSSL>=17.1.0 # Apache-2.0
 WSME>=0.8.0 # MIT
 Jinja2>=2.10 # BSD License (3 clause)
 taskflow>=2.16.0 # Apache-2.0
-diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2 # Apache-2.0
+diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2,<3.0.0;python_version=='2.7' # Apache-2.0
+diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2;python_version>='3.0' # Apache-2.0
 futures>=3.0.0;python_version=='2.7' or python_version=='2.6' # BSD
 castellan>=0.16.0 # Apache-2.0
 tenacity>=4.9.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 14be4f6dbc..04fc236d14 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,7 +1,7 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-hacking!=0.13.0,<0.14,>=0.12.0,<2 # Apache-2.0
+hacking>=1.1.0,<1.2.0 # Apache-2.0
 requests-mock>=1.2.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 flake8-import-order==0.12 # LGPLv3
@@ -14,7 +14,7 @@ testtools>=2.2.0 # MIT
 testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 doc8>=0.6.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0
 tempest>=17.1.0 # Apache-2.0
 # Required for pep8 - doc8 tests
 sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
diff --git a/tox.ini b/tox.ini
index e1e33e39be..452f5eae3f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -78,7 +78,7 @@ commands = flake8
 doc/source octavia CONSTITUTION.rst HACKING.rst README.rst \
 TESTING.rst
 # Run security linter
-bandit -r octavia -ll -ii -x 'octavia/tests/*'
+{[testenv:bandit]commands}
 # Make sure specs follow our template
 find . -type f -name "*.pyc" -delete
 python -m unittest specs-tests.test_titles
@@ -137,7 +137,7 @@ commands =
 
 [testenv:bandit]
 basepython = python3
-commands = bandit -r octavia -ll -ii -x octavia/tests {posargs}
+commands = bandit -r octavia -ll -ii -x tests
 
 [flake8]
 ignore = H104
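Review bot: The new `bandit` line pins `<1.6.0`, but the commit message says the cap is `< 1.6.3` and that it is `>=1.6.3` that needs the newer PyYAML; one of the two should be corrected so the pin and its stated rationale agree. Because bandit is the security linter run by the pep8 and bandit tox envs, capping it also freezes the set of checks this branch's gate will ever run, so the reason belongs in the file rather than only in git history, e.g. a comment above the pin: `# Capped for stein: newer bandit needs a PyYAML above upper-constraints (Change-Id Iee2cdc7c149eedb3d62007e4815b3b94c1b0c49e)`. The `lower-constraints.txt` hunk lowers bandit to 1.1.0 in the same change, which is consistent with the `>=1.1.0` floor kept here.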
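Review bot: In the `[testenv:bandit]` hunk the exclusion changes from `-x octavia/tests` to `-x tests`, and as far as I can tell bandit matches `-x` entries as substrings (globs in the 1.6 line) of each scanned path, so `tests` now skips any file whose path contains that string rather than only the `octavia/tests` package, a wider gap in the security scan than before. If the wider match is intended for the bandit release the message refers to, record it on the line, e.g. `# -x is a path substring/glob match; 'tests' deliberately covers octavia/tests on every supported bandit`, since the `[testenv:pep8]` hunk now inherits the same exclusion through `{[testenv:bandit]commands}`. Dropping `{posargs}` also means `tox -e bandit -- <args>` no longer forwards arguments; presumably this is so the pep8 env's substitution does not pick up pep8's own posargs, but that is inferred and would deserve a comment too.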