Cap bandit for stein and bump lower-constraints
The latest version of the bandit package no longer supports Python 2.7. This patch caps the version of bandit to < 1.6.3. We also cannot allow >=1.6.3, because it requires a newer version of PyYAML than the stein upper-constraints allow. Update tox config for new bandit release. Change-Id: Iee2cdc7c149eedb3d62007e4815b3b94c1b0c49e
parent
c256806660
commit
981157d09f
|
@ -3,10 +3,10 @@ alembic==0.8.10
|
||||||
amqp==2.2.2
|
amqp==2.2.2
|
||||||
appdirs==1.4.3
|
appdirs==1.4.3
|
||||||
asn1crypto==0.24.0
|
asn1crypto==0.24.0
|
||||||
astroid==1.3.8
|
astroid==1.6.0
|
||||||
automaton==1.14.0
|
automaton==1.14.0
|
||||||
Babel==2.3.4
|
Babel==2.3.4
|
||||||
bandit==1.4.0
|
bandit==1.1.0
|
||||||
bcrypt==3.1.4
|
bcrypt==3.1.4
|
||||||
beautifulsoup4==4.6.0
|
beautifulsoup4==4.6.0
|
||||||
cachetools==2.0.1
|
cachetools==2.0.1
|
||||||
|
@ -34,7 +34,7 @@ eventlet==0.20.0
|
||||||
extras==1.0.0
|
extras==1.0.0
|
||||||
fasteners==0.14.1
|
fasteners==0.14.1
|
||||||
fixtures==3.0.0
|
fixtures==3.0.0
|
||||||
flake8==2.5.5
|
flake8==2.6.2
|
||||||
flake8-import-order==0.12
|
flake8-import-order==0.12
|
||||||
Flask==0.10
|
Flask==0.10
|
||||||
future==0.16.0
|
future==0.16.0
|
||||||
|
@ -44,7 +44,7 @@ gitdb2==2.0.3
|
||||||
GitPython==2.1.8
|
GitPython==2.1.8
|
||||||
greenlet==0.4.13
|
greenlet==0.4.13
|
||||||
gunicorn==19.0.0
|
gunicorn==19.0.0
|
||||||
hacking==0.12.0
|
hacking==1.1.0
|
||||||
idna==2.6
|
idna==2.6
|
||||||
imagesize==1.0.0
|
imagesize==1.0.0
|
||||||
ipaddress==1.0.17
|
ipaddress==1.0.17
|
||||||
|
@ -62,7 +62,7 @@ linecache2==1.0.0
|
||||||
logilab-common==1.4.1
|
logilab-common==1.4.1
|
||||||
logutils==0.3.5
|
logutils==0.3.5
|
||||||
Mako==1.0.7
|
Mako==1.0.7
|
||||||
MarkupSafe==1.0
|
MarkupSafe==1.1.0
|
||||||
mccabe==0.4.0
|
mccabe==0.4.0
|
||||||
mock==2.0.0
|
mock==2.0.0
|
||||||
monotonic==1.4
|
monotonic==1.4
|
||||||
|
@ -88,7 +88,7 @@ oslo.messaging==6.3.0
|
||||||
oslo.middleware==3.31.0
|
oslo.middleware==3.31.0
|
||||||
oslo.policy==1.30.0
|
oslo.policy==1.30.0
|
||||||
oslo.reports==1.18.0
|
oslo.reports==1.18.0
|
||||||
oslo.serialization==2.18.0
|
oslo.serialization==2.28.1
|
||||||
oslo.service==1.30.0
|
oslo.service==1.30.0
|
||||||
oslo.upgradecheck==0.1.0
|
oslo.upgradecheck==0.1.0
|
||||||
oslo.utils==3.33.0
|
oslo.utils==3.33.0
|
||||||
|
@ -107,7 +107,7 @@ psutil==5.4.3
|
||||||
pyasn1==0.1.8
|
pyasn1==0.1.8
|
||||||
pyasn1-modules==0.0.6
|
pyasn1-modules==0.0.6
|
||||||
pycadf==2.7.0
|
pycadf==2.7.0
|
||||||
pycodestyle==2.3.1
|
pycodestyle==2.0.0
|
||||||
pycparser==2.18
|
pycparser==2.18
|
||||||
pydot==1.2.4
|
pydot==1.2.4
|
||||||
pyflakes==1.0.0
|
pyflakes==1.0.0
|
||||||
|
@ -166,7 +166,7 @@ urllib3==1.22
|
||||||
vine==1.1.4
|
vine==1.1.4
|
||||||
voluptuous==0.11.1
|
voluptuous==0.11.1
|
||||||
waitress==1.1.0
|
waitress==1.1.0
|
||||||
warlock==1.3.0
|
warlock==1.3.1
|
||||||
WebOb==1.7.1
|
WebOb==1.7.1
|
||||||
WebTest==2.0.29
|
WebTest==2.0.29
|
||||||
Werkzeug==0.14.1
|
Werkzeug==0.14.1
|
||||||
|
|
|
@ -25,7 +25,7 @@ oslo.messaging>=6.3.0 # Apache-2.0
|
||||||
oslo.middleware>=3.31.0 # Apache-2.0
|
oslo.middleware>=3.31.0 # Apache-2.0
|
||||||
oslo.policy>=1.30.0 # Apache-2.0
|
oslo.policy>=1.30.0 # Apache-2.0
|
||||||
oslo.reports>=1.18.0 # Apache-2.0
|
oslo.reports>=1.18.0 # Apache-2.0
|
||||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
oslo.serialization>=2.28.1 # Apache-2.0
|
||||||
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
||||||
oslo.utils>=3.33.0 # Apache-2.0
|
oslo.utils>=3.33.0 # Apache-2.0
|
||||||
pyasn1!=0.2.3,>=0.1.8 # BSD
|
pyasn1!=0.2.3,>=0.1.8 # BSD
|
||||||
|
@ -38,7 +38,8 @@ pyOpenSSL>=17.1.0 # Apache-2.0
|
||||||
WSME>=0.8.0 # MIT
|
WSME>=0.8.0 # MIT
|
||||||
Jinja2>=2.10 # BSD License (3 clause)
|
Jinja2>=2.10 # BSD License (3 clause)
|
||||||
taskflow>=2.16.0 # Apache-2.0
|
taskflow>=2.16.0 # Apache-2.0
|
||||||
diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2 # Apache-2.0
|
diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2,<3.0.0;python_version=='2.7' # Apache-2.0
|
||||||
|
diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2;python_version>='3.0' # Apache-2.0
|
||||||
futures>=3.0.0;python_version=='2.7' or python_version=='2.6' # BSD
|
futures>=3.0.0;python_version=='2.7' or python_version=='2.6' # BSD
|
||||||
castellan>=0.16.0 # Apache-2.0
|
castellan>=0.16.0 # Apache-2.0
|
||||||
tenacity>=4.9.0 # Apache-2.0
|
tenacity>=4.9.0 # Apache-2.0
|
||||||
|
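Review bot: The commit message only talks about bandit, yet this section also raises the `oslo.serialization` floor to `>=2.28.1` and splits `diskimage-builder` into a `python_version=='2.7'` line capped at `<3.0.0` and an uncapped `python_version>='3.0'` line. These are runtime requirements, so the message should say why they change in the same commit. The cap should also carry its reason next to it, for example `# <3.0.0 on py27: <reason for the cap>`, so it can be lifted once that reason no longer applies. The old and new sides are read from the order the pairs are printed in, since the page has lost its +/- markers.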
|
|
@ -1,7 +1,7 @@
|
||||||
# The order of packages is significant, because pip processes them in the order
|
# The order of packages is significant, because pip processes them in the order
|
||||||
# of appearance. Changing the order has an impact on the overall integration
|
# of appearance. Changing the order has an impact on the overall integration
|
||||||
# process, which may cause wedges in the gate later.
|
# process, which may cause wedges in the gate later.
|
||||||
hacking!=0.13.0,<0.14,>=0.12.0,<2 # Apache-2.0
|
hacking>=1.1.0,<1.2.0 # Apache-2.0
|
||||||
requests-mock>=1.2.0 # Apache-2.0
|
requests-mock>=1.2.0 # Apache-2.0
|
||||||
coverage!=4.4,>=4.0 # Apache-2.0
|
coverage!=4.4,>=4.0 # Apache-2.0
|
||||||
flake8-import-order==0.12 # LGPLv3
|
flake8-import-order==0.12 # LGPLv3
|
||||||
|
@ -14,7 +14,7 @@ testtools>=2.2.0 # MIT
|
||||||
testresources>=2.0.0 # Apache-2.0/BSD
|
testresources>=2.0.0 # Apache-2.0/BSD
|
||||||
testscenarios>=0.4 # Apache-2.0/BSD
|
testscenarios>=0.4 # Apache-2.0/BSD
|
||||||
doc8>=0.6.0 # Apache-2.0
|
doc8>=0.6.0 # Apache-2.0
|
||||||
bandit>=1.1.0 # Apache-2.0
|
bandit>=1.1.0,<1.6.0 # Apache-2.0
|
||||||
tempest>=17.1.0 # Apache-2.0
|
tempest>=17.1.0 # Apache-2.0
|
||||||
# Required for pep8 - doc8 tests
|
# Required for pep8 - doc8 tests
|
||||||
sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
|
sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
|
||||||
|
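Review bot: The cap in this section is `bandit>=1.1.0,<1.6.0`, while the commit message says bandit is capped to `< 1.6.3`; one of the two should be corrected so whoever lifts the cap later knows which releases were actually ruled out. The line gives no reason for the upper bound, and a capped security linter silently stops picking up new checks, so a comment above it would help, for example `# Capped for stein: newer bandit drops py27 and needs a newer PyYAML than upper-constraints allows`. The old and new sides are read from the order the pairs are printed in, since the page has lost its +/- markers.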
|
4
tox.ini
4
tox.ini
|
@ -78,7 +78,7 @@ commands = flake8
|
||||||
doc/source octavia CONSTITUTION.rst HACKING.rst README.rst \
|
doc/source octavia CONSTITUTION.rst HACKING.rst README.rst \
|
||||||
TESTING.rst
|
TESTING.rst
|
||||||
# Run security linter
|
# Run security linter
|
||||||
bandit -r octavia -ll -ii -x 'octavia/tests/*'
|
{[testenv:bandit]commands}
|
||||||
# Make sure specs follow our template
|
# Make sure specs follow our template
|
||||||
find . -type f -name "*.pyc" -delete
|
find . -type f -name "*.pyc" -delete
|
||||||
python -m unittest specs-tests.test_titles
|
python -m unittest specs-tests.test_titles
|
||||||
|
@ -137,7 +137,7 @@ commands =
|
||||||
|
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
commands = bandit -r octavia -ll -ii -x octavia/tests {posargs}
|
commands = bandit -r octavia -ll -ii -x tests
|
||||||
|
|
||||||
[flake8]
|
[flake8]
|
||||||
ignore = H104
|
ignore = H104
|
||||||
|
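Review bot: In the `[testenv:bandit]` hunk the exclusion goes from `-x octavia/tests` to `-x tests`, which is no longer anchored to the test tree. If the capped bandit release matches exclude entries as path substrings (worth confirming against the pinned version), any module under `octavia` whose path contains `tests` would drop out of the scan without any signal; `commands = bandit -r octavia -ll -ii -x octavia/tests` keeps the exclusion to the intended directory, provided that release accepts it. The same line also loses `{posargs}`, presumably because the pep8 env now expands `{[testenv:bandit]commands}`, so `tox -e bandit -- <args>` no longer passes arguments through; a one-line comment saying this is deliberate would save the next reader a search. Old and new sides are inferred from print order, as the +/- markers are gone.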
|