[requirements] bandit bump to 1.6.0
Matthew Thode
mthode at mthode.org
Mon May 13 14:45:55 UTC 2019
On 19-05-13 13:50:11, Herve Beraud wrote:
> Already discussed here =>
> http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html
>
> Sorry
>
> Le lun. 13 mai 2019 à 13:47, Herve Beraud <hberaud at redhat.com> a écrit :
>
> > Hello,
> >
> > FYI bandit 1.6.0 was released and changes the behavior of the '-x' option
> > so that it now supports glob patterns.
> >
> > Many OpenStack projects will face bandit issues due to these changes.
> >
> > Two possibilities exist:
> > - pin your bandit version to < 1.6.0
> > - accept 1.6.0 and modify your bandit call by passing a pattern like this
> > https://review.opendev.org/#/c/658319/1
> >
> > We also need to update openstack/requirements (
> > https://review.opendev.org/#/c/658767/)
> >
> > I think the better approach is to use 1.6.0 now and to fix the bandit
> > command to avoid issues in the future, and avoid undesired reviews on this
> > topic.
> >
I'm pasting the projects I found using the '-x' option; hopefully it helps.
I do agree that moving now would be better; version caps are always a bad thing.
| ara | tox.ini | 31 | bandit -r ara -x ara/tests --skip B303 |
| armada | tox.ini | 77 | bandit -r armada -x armada/tests -n 5 |
| armada | tox.ini | 82 | bandit -r armada -x armada/tests -n 5 |
| barbican | tox.ini | 53 | bandit -r barbican -x tests -n5 |
| barbican | tox.ini | 175 | commands = bandit -r barbican -x tests -n5 |
| castellan | tox.ini | 25 | bandit -r castellan -x tests -s B105,B106,B107,B607 |
| castellan | tox.ini | 38 | bandit -r castellan -x tests -s B105,B106,B107,B607 |
| cinder | tox.ini | 160 | commands = bandit -r cinder -n5 -x tests -ll |
| cliff | tox.ini | 31 | bandit -c bandit.yaml -r cliff -x tests -n5 |
| cloudkitty | tox.ini | 33 | commands = bandit -r cloudkitty -n5 -x tests -ll |
| deckhand | tox.ini | 90 | commands = bandit -r deckhand -x deckhand/tests -n 5 |
| deckhand | tox.ini | 111 | bandit -r deckhand -x deckhand/tests -n 5 |
| designate | tox.ini | 91 | commands = bandit -r designate -n5 -x tests -t \ |
| heat | tox.ini | 47 | bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607 |
| heat | tox.ini | 112 | commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607 |
| horizon | tox.ini | 168 | commands = bandit -r horizon openstack_auth openstack_dashboard -n5 -x tests -ll |
| keystone | tox.ini | 40 | bandit -r keystone -x tests |
| keystone | tox.ini | 49 | commands = bandit -r keystone -x tests |
| keystoneauth | tox.ini | 26 | bandit -r keystoneauth1 -x tests -s B110,B410 |
| keystoneauth | tox.ini | 32 | commands = bandit -r keystoneauth1 -x tests -s B110,B410 |
| keystonemiddleware | tox.ini | 21 | bandit -r keystonemiddleware -x tests -n5 |
| keystonemiddleware | tox.ini | 27 | commands = bandit -r keystonemiddleware -x tests -n5 |
| magnum | tox.ini | 114 | bandit -r magnum -x tests -n5 -ll |
| magnum | tox.ini | 130 | commands = bandit -r magnum -x tests -n5 -ll |
| monasca-agent | tox.ini | 61 | bandit -r monasca_agent -n5 -s B101,B602,B603,B301,B303,B311,B403,B404,B405,B310,B320,B410,B411,B501,B504,B605,B607,B608 -x {toxinidir}/tests |
| monasca-api | tox.ini | 53 | bandit -r monasca_api -n5 -s B101,B303 -x monasca_api/tests |
| monasca-common | tox.ini | 72 | commands = bandit -r monasca_common -n5 -s B101 -x monasca_common/tests -x monasca_common/kafka_lib |
| monasca-events-api | tox.ini | 67 | commands = bandit -r monasca_events_api -n5 -x monasca_events_api/tests |
| monasca-log-api | tox.ini | 55 | bandit -r monasca_log_api -n5 -s B101 -x monasca_log_api/tests |
| monasca-notification | tox.ini | 59 | bandit -r monasca_notification -n5 -x monasca_notification/tests |
| monasca-persister | tox.ini | 89 | bandit -r monasca_persister -n5 -s B303 -x monasca_persister/tests |
| monasca-statsd | tox.ini | 47 | commands = bandit -r monascastatsd -s B311 -n5 -x monascastatsd/tests |
| murano | tox.ini | 36 | commands = bandit -c bandit.yaml -r murano -x tests -n 5 -ll |
| networking-cisco | tox.ini | 105 | #commands = bandit -r networking_cisco -x apps/saf,tests,plugins/cisco/cpnr -n5 -f txt |
| networking-midonet | tox.ini | 54 | commands = bandit -r midonet -x midonet/neutron/tests -n5 |
| networking-odl | tox.ini | 124 | commands = bandit -r networking_odl -x tests -n5 -s B101 |
| networking-omnipath | tox.ini | 143 | commands = bandit -r omnipath -x tests -n5 |
| networking-ovn | tox.ini | 154 | commands = bandit -r networking_ovn -x networking_ovn/tests/* -n5 -s B104 |
| neutron | tox.ini | 190 | commands = bandit -r neutron -x tests -n5 -s B104,B303,B311,B604 |
| neutron-lib | tox.ini | 105 | commands = bandit -r neutron_lib -x tests -n5 -s B104,B303,B311 |
| nova | tox.ini | 221 | commands = bandit -r nova -x tests -n 5 -ll |
| novajoin | tox.ini | 45 | commands = bandit -r novajoin -n5 -x tests -ll -s B104 |
| octavia | tox.ini | 72 | bandit -r octavia -ll -ii -x 'octavia/tests/*' |
| octavia | tox.ini | 130 | commands = bandit -r octavia -ll -ii -x octavia/tests {posargs} |
| octavia-lib | tox.ini | 28 | bandit -r octavia_lib -ll -ii -x octavia_lib/tests |
| ooi | tox.ini | 37 | bandit -r ooi -x tests -s B110,B410 |
| ooi | tox.ini | 42 | commands = bandit -r ooi -x tests -s B110,B410 |
| oslo.cache | tox.ini | 32 | bandit -r oslo_cache -x tests -n5 |
| oslo.concurrency | tox.ini | 26 | bandit -r oslo_concurrency -x tests -n5 --skip B311,B404,B603,B606 |
| oslo.config | tox.ini | 38 | bandit -r oslo_config -x tests -n5 |
| oslo.config | tox.ini | 64 | commands = bandit -r oslo_config -x tests -n5 |
| oslo.context | tox.ini | 20 | bandit -r oslo_context -x tests -n5 |
| oslo.db | tox.ini | 38 | bandit -r oslo_db -x tests -n5 --skip B105,B311 |
| oslo.i18n | tox.ini | 23 | bandit -r oslo_i18n -x tests -n5 |
| oslo.log | tox.ini | 25 | bandit -r oslo_log -x tests -n5 |
| oslo.log | tox.ini | 53 | commands = bandit -r oslo_log -x tests -n5 |
| oslo.messaging | tox.ini | 23 | bandit -r oslo_messaging -x tests -n5 |
| oslo.messaging | tox.ini | 97 | commands = bandit -r oslo_messaging -x tests -n5 |
| oslo.middleware | tox.ini | 22 | bandit -r oslo_middleware -x tests -n5 |
| oslo.privsep | tox.ini | 25 | bandit -r oslo_privsep -x tests -n5 --skip B404,B603 |
| oslo.service | tox.ini | 24 | bandit -r oslo_service -n5 -x tests |
| oslo.service | tox.ini | 60 | commands = bandit -r oslo_service -n5 -x tests {posargs} |
| oslo.utils | tox.ini | 21 | bandit -r oslo_utils -x tests -n5 |
| oslo.utils | tox.ini | 41 | commands = bandit -r oslo_utils -x tests -n5 |
| patrole | tox.ini | 29 | bandit -r patrole_tempest_plugin -x patrole_tempest_plugin/tests -n 5 |
| placement | tox.ini | 141 | commands = bandit -r placement -x tests -n 5 -ll |
| python-keystoneclient | tox.ini | 25 | bandit -r keystoneclient -x tests -n5 |
| python-keystoneclient | tox.ini | 31 | commands = bandit -r keystoneclient -x tests -n5 |
| python-magnumclient | tox.ini | 26 | commands = bandit -r magnumclient -x tests -n5 -ll |
| python-magnumclient | tox.ini | 49 | bandit -r magnumclient -x tests -n5 -ll |
| python-monascaclient | tox.ini | 61 | commands = bandit -r monascaclient -n5 -x {env:OS_TEST_PATH} |
| python-neutronclient | tox.ini | 82 | commands = bandit -r neutronclient -x tests -n5 -s B303 |
| python-novaclient | tox.ini | 29 | commands = bandit -r novaclient -n5 -x tests |
| python-openstackclient | tox.ini | 30 | bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 |
| python-openstackclient | tox.ini | 57 | bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 |
| python-senlinclient | tox.ini | 23 | commands = bandit -r senlinclient -x tests -n5 -ll |
| python-zunclient | tox.ini | 27 | commands = bandit -r zunclient -x tests -n5 -ll |
| python-zunclient | tox.ini | 61 | bandit -r zunclient -x tests -n5 -ll |
| renderspec | tox.ini | 26 | bandit -r -s B701 renderspec -x tests |
| sahara | tox.ini | 46 | bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests |
| sahara | tox.ini | 118 | commands = bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests |
| senlin | tox.ini | 101 | commands = bandit -r senlin -x tests -s B101,B104,B110,B310,B311,B506 |
| solum | tox.ini | 92 | commands = bandit -r solum -n5 -x tests -ll |
| spyglass-plugin-xls | test-requirements.txt | 8 | bandit>=1.5.0 |
| spyglass-plugin-xls | tox.ini | 37 | bandit -r spyglass-plugin-xls -n 5 |
| spyglass-plugin-xls | tox.ini | 44 | commands = bandit -r spyglass-plugin-xls -n 5 |
| stevedore | tox.ini | 32 | bandit -r stevedore -x tests -n5 |
| tatu | tox.ini | 45 | commands = bandit -r tatu -n5 -x tests -ll -s B104 |
| trove | tox.ini | 99 | commands = bandit -r trove -n5 -x tests |
| valet | tox.ini | 59 | commands = bandit -r valet -x tests -n 5 -l |
| watcher | tox.ini | 28 | bandit -r watcher -x watcher/tests/* -n5 -ll -s B320 |
| watcher | tox.ini | 106 | commands = bandit -r watcher -x watcher/tests/* -n5 -ll -s B320 |
| watcher-tempest-plugin | tox.ini | 20 | bandit -r watcher_tempest_plugin -x tests -n5 -ll -s B320 |
| watcher-tempest-plugin | tox.ini | 56 | commands = bandit -r watcher_tempest_plugin -x tests -n5 -ll -s B320 |
| zun | tox.ini | 35 | bandit -r zun -x tests -n5 -ll --skip B303,B604 |
--
Matthew Thode