76db176c7e
Tempest was using: -python module xml.etree[1], It was vulnerable to different atacks. Instead of xml.etree.ElementTree tempest is now using defusedxml.ElementTree which is more secure. [1] https://bandit.readthedocs.io/en/1.7.0/blacklists/blacklist_calls.html B313 Change-Id: I50a8ab3c3be2decccd7480ecf00f1a3e4a75f172
25 lines
843 B
Plaintext
25 lines
843 B
Plaintext
# The order of packages is significant, because pip processes them in the order
|
|
# of appearance. Changing the order has an impact on the overall integration
|
|
# process, which may cause wedges in the gate later.
|
|
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
|
cliff!=2.9.0,>=2.8.0 # Apache-2.0
|
|
jsonschema>=3.2.0 # MIT
|
|
testtools>=2.2.0 # MIT
|
|
paramiko>=2.7.0 # LGPLv2.1+
|
|
cryptography>=2.1 # BSD/Apache-2.0
|
|
netaddr>=0.7.18 # BSD
|
|
oslo.concurrency>=3.26.0 # Apache-2.0
|
|
oslo.config>=5.2.0 # Apache-2.0
|
|
oslo.log>=3.36.0 # Apache-2.0
|
|
stestr>=1.0.0 # Apache-2.0
|
|
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
|
oslo.utils>=4.7.0 # Apache-2.0
|
|
fixtures>=3.0.0 # Apache-2.0/BSD
|
|
PyYAML>=3.12 # MIT
|
|
python-subunit>=1.0.0 # Apache-2.0/BSD
|
|
stevedore>=1.20.0 # Apache-2.0
|
|
PrettyTable>=0.7.1 # BSD
|
|
urllib3>=1.21.1 # MIT
|
|
debtcollector>=1.2.0 # Apache-2.0
|
|
defusedxml>=0.7.1 # PSFL
|