Blacklist bandit 1.6.0
There's a regression[0] in bandit 1.6.0 which causes bandit to stop respecting excluded directories, and our tests throw a bunch of violations. Blacklist this version, but allow newer versions as there is already a pull request[1] to fix it, and I expect it will be included in the next release.

[0] https://github.com/PyCQA/bandit/issues/488
[1] https://github.com/PyCQA/bandit/pull/489

For additional details, refer to ML Thread[1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Change-Id: I01b3ee75aa52b2711bacbf26690ce55a4c3f336e
parent ce00c5ab1c
commit 91a57e56e0
|
@ -3,6 +3,7 @@ amqp==2.1.1
|
||||||
appdirs==1.4.0
|
appdirs==1.4.0
|
||||||
asn1crypto==0.23.0
|
asn1crypto==0.23.0
|
||||||
Babel==2.3.4
|
Babel==2.3.4
|
||||||
|
bandit==1.4.0
|
||||||
cachetools==2.0.0
|
cachetools==2.0.0
|
||||||
cffi==1.7.0
|
cffi==1.7.0
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
|
|
|
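Review bot: the added `bandit==1.4.0` line, placed between `Babel==2.3.4` and `cachetools==2.0.0`, is not mentioned in the commit message, which only talks about excluding 1.6.0. Please add a sentence explaining why bandit gets an exact pin in this list as part of the same change. The value does match the `>=1.4.0` floor in the other hunk, so the two files stay consistent.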
@ -10,7 +10,7 @@
|
||||||
hacking>=1.1.0 # Apache-2.0
|
hacking>=1.1.0 # Apache-2.0
|
||||||
#
|
#
|
||||||
astroid==2.1.0;python_version>='3.0' # LGPLv2.1
|
astroid==2.1.0;python_version>='3.0' # LGPLv2.1
|
||||||
bandit>=1.4.0 # Apache-2.0
|
bandit!=1.6.0,>=1.4.0 # Apache-2.0
|
||||||
coverage!=4.4,>=4.0 # Apache-2.0
|
coverage!=4.4,>=4.0 # Apache-2.0
|
||||||
doc8>=0.6.0 # Apache-2.0
|
doc8>=0.6.0 # Apache-2.0
|
||||||
flake8-import-order==0.12 # LGPLv3
|
flake8-import-order==0.12 # LGPLv3
|
||||||
|
|
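Review bot: the changed `bandit!=1.6.0,>=1.4.0` line has no in-file pointer to why 1.6.0 is excluded, so the reason is only recoverable from the commit message. Consider a comment above it referencing https://github.com/PyCQA/bandit/issues/488 so the exclusion can be dropped once it is no longer needed. Note also that `!=1.6.0` admits every later release, which relies on the fix landing in the next release as the commit message expects; if it does not, the excluded-directory violations come back and the specifier will need another exclusion.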