Switch tox to use allowlist_externals

The whitelist_externals option in tox in deprecated in favor of
allowlist_externals. Update this and also bump our tox minversion to
the earliest version which supports this new syntax. While we're at
it, update a few code comments about bandit "nosec" exceptions to
refer to allowing instead of whitelisting.

diff --git a/mudpy/command.py b/mudpy/command.py
index ea77939..bd473e5 100644 (file)
--- a/mudpy/command.py
+++ b/mudpy/command.py
@@ -1,6 +1,6 @@
 """User command functions for the mudpy engine."""
 
-# Copyright (c) 2004-2019 mudpy authors. Permission to use, copy,
+# Copyright (c) 2004-2020 mudpy authors. Permission to use, copy,
 # modify, and distribute this software is granted under terms
 # provided in the LICENSE file distributed with this software.
 
@@ -115,7 +115,7 @@ def error(actor, input_data):
     """Generic error for an unrecognized command word."""
 
     # 90% of the time use a generic error
-    # Whitelist the random.randrange() call in bandit since it's not used for
+    # Allow the random.randrange() call in bandit since it's not used for
     # security/cryptographic purposes
     if random.randrange(10):  # nosec
         message = '''I'm not sure what "''' + input_data + '''" means...'''
@@ -555,7 +555,7 @@ def show(actor, parameters):
             try:
                 # there is no other option than to use eval() for this, since
                 # its purpose is to evaluate arbitrary expressions, so do what
-                # we can to secure it and whitelist it for bandit analysis
+                # we can to secure it and allow it for bandit analysis
                 message = repr(eval(  # nosec
                     " ".join(arguments[1:]),
                     {"mudpy": mudpy, "universe": actor.universe}))

diff --git a/mudpy/misc.py b/mudpy/misc.py
index ba29a90..044614f 100644 (file)
--- a/mudpy/misc.py
+++ b/mudpy/misc.py
@@ -1227,7 +1227,7 @@ def weighted_choice(data):
             expanded.append(key)
 
     # return one at random
-    # Whitelist the random.randrange() call in bandit since it's not used for
+    # Allow the random.randrange() call in bandit since it's not used for
     # security/cryptographic purposes
     return random.choice(expanded)  # nosec
 
@@ -1276,7 +1276,7 @@ def random_name():
     name = ""
 
     # create a name of random length from the syllables
-    # Whitelist the random.randrange() call in bandit since it's not used for
+    # Allow the random.randrange() call in bandit since it's not used for
     # security/cryptographic purposes
     for _syllable in range(random.randrange(2, 6)):  # nosec
         name += weighted_choice(syllables)

diff --git a/tox.ini b/tox.ini
index 1ede200..203bd1c 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -3,7 +3,7 @@
 # provided in the LICENSE file distributed with this software.
 
 [tox]
-minversion = 3.1
+minversion = 3.18
 envlist = bandit, codespell, dist, docs, flake8, yamllint, selftest_config, py3
 skipsdist = True
 ignore_basepython_conflict = True
@@ -40,7 +40,7 @@ usedevelop = False
 commands = mudpy {posargs}
 
 [testenv:dist]
-whitelist_externals = rm
+allowlist_externals = rm
 deps =
     pbr
     twine
@@ -54,7 +54,7 @@ usedevelop = False
 [testenv:docs]
 setenv =
     PYTHONWARNINGS=error
-whitelist_externals = rm
+allowlist_externals = rm
 deps =
     -r{toxinidir}/requirements.txt
     -r{toxinidir}/doc/requirements.txt