Bump bandit
Address incompatibility with Python 3.8, which happens due to the older
bandits use of the private '_ast' module instead of 'ast' [1] and the
deprecated 'Num' having been removed from the former. The bump requires
an additional nosec for a line that is misidentified as a hardcoded
password.
A note about requirements ordering is removed as it hasn't been relevant
since pip 20.3 introduced the new dependency resolver.
[1] 09b0207e2b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Icaaa3a2e24429bba5cf70c04062cfa5820c8a1bf
This commit is contained in:
parent
b5ddc0732e
commit
9df23dc6a8
|
@ -504,7 +504,7 @@ class OidcDeviceAuthorization(_OidcBase):
|
|||
:type code_challenge_method: string
|
||||
"""
|
||||
# RFC 8628 only allows to retrieve an access_token
|
||||
self.access_token_type = 'access_token'
|
||||
self.access_token_type = 'access_token' # nosec B105
|
||||
self.device_authorization_endpoint = device_authorization_endpoint
|
||||
self.code_challenge_method = code_challenge_method
|
||||
|
||||
|
|
|
@ -1,12 +1,8 @@
|
|||
# The order of packages is significant, because pip processes them in the order
|
||||
# of appearance. Changing the order has an impact on the overall integration
|
||||
# process, which may cause wedges in the gate later.
|
||||
|
||||
hacking~=4.1.0 # Apache-2.0
|
||||
flake8-docstrings~=1.6.0 # MIT
|
||||
flake8-import-order>=0.17.1 #LGPLv3
|
||||
bandit~=1.7.6 # Apache-2.0
|
||||
|
||||
bandit<1.6.0,>=1.1.0 # Apache-2.0
|
||||
coverage!=4.4,>=4.0 # Apache-2.0
|
||||
fixtures>=3.0.0 # Apache-2.0/BSD
|
||||
oslo.config>=5.2.0 # Apache-2.0
|
||||
|
|
Loading…
Reference in New Issue