If we're pinning exact versions of things for requirements.txt, pin

all dependencies of dependencies as well so we can get a consistent build.

Signed-off-by: cyli <cyli@twistedmatrix.com>

requirements.txt

@@ -1,6 +1,16 @@
-requests[security]==2.11.1
-six>=1.4.0
-websocket-client==0.32.0
-backports.ssl_match_hostname>=3.5 ; python_version < '3.5'
-ipaddress==1.0.16 ; python_version < '3.3'
+appdirs==1.4.3
+asn1crypto==0.22.0
+backports.ssl-match-hostname==3.5.0.1
+cffi==1.10.0
+cryptography==1.9
 docker-pycreds==0.2.1
+enum34==1.1.6
+idna==2.5
+ipaddress==1.0.18
+packaging==16.8
+pycparser==2.17
+pyOpenSSL==17.0.0
+pyparsing==2.2.0
+requests==2.14.2
+six==1.10.0
+websocket-client==0.40.0

setup.py

@@ -36,10 +36,10 @@ extras_require = {
     # ServerAltname: https://pypi.python.org/pypi/backports.ssl_match_hostname
     ':python_version < "3.3"': 'ipaddress >= 1.0.16',
 
-    # If using docker-py over TLS, highly recommend this option is pip-installed
-    # or pinned.
+    # If using docker-py over TLS, highly recommend this option is
+    # pip-installed or pinned.
 
-    # TODO: if pip installign both "requests" and "requests[security]", the
+    # TODO: if pip installing both "requests" and "requests[security]", the
     # extra package from the "security" option are not installed (see
     # https://github.com/pypa/pip/issues/4391).  Once that's fixed, instead of
     # installing the extra dependencies, install the following instead: