tempest/requirements.txt
jskunda 76db176c7e Fix security vulnerabilities using Bandit
Tempest was using:
-python module xml.etree[1],

It was vulnerable to different atacks.

Instead of xml.etree.ElementTree tempest is now using
defusedxml.ElementTree which is more secure.

[1] https://bandit.readthedocs.io/en/1.7.0/blacklists/blacklist_calls.html B313

Change-Id: I50a8ab3c3be2decccd7480ecf00f1a3e4a75f172
2022-10-10 12:39:23 +00:00

25 lines
843 B
Plaintext

# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
pbr!=2.1.0,>=2.0.0 # Apache-2.0
cliff!=2.9.0,>=2.8.0 # Apache-2.0
jsonschema>=3.2.0 # MIT
testtools>=2.2.0 # MIT
paramiko>=2.7.0 # LGPLv2.1+
cryptography>=2.1 # BSD/Apache-2.0
netaddr>=0.7.18 # BSD
oslo.concurrency>=3.26.0 # Apache-2.0
oslo.config>=5.2.0 # Apache-2.0
oslo.log>=3.36.0 # Apache-2.0
stestr>=1.0.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
oslo.utils>=4.7.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
PyYAML>=3.12 # MIT
python-subunit>=1.0.0 # Apache-2.0/BSD
stevedore>=1.20.0 # Apache-2.0
PrettyTable>=0.7.1 # BSD
urllib3>=1.21.1 # MIT
debtcollector>=1.2.0 # Apache-2.0
defusedxml>=0.7.1 # PSFL