bandit 1.6.3 is getting picked up on python 2.7 installs #663
Comments
Yes, this has broken OpenStack CIs for Py2.7
See also #654. Not sure how amenable PyPI is to updating busted artifacts, but I also wouldn't want to force a return of py2 support. Unpublishing may be the least-bad option?
Agreed. Publish 1.6.4 as non-universal (or best yet, just publish 1.7.0 at least) and unpublish 1.6.3. That would help.
This patch disables the lower-constraints job as it started failing and we agreed during the PTG to drop it anyway. [1] For Train and below additionally blacklist bandit 1.6.3 as it was improperly released as a universal wheel. [2] [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018445.html [2] PyCQA/bandit#663 Change-Id: Icfedd16ef9aed84e9f9be939e832c35e0d735efe (cherry picked from commit bc0a41c)
Stein backport note: this patch makes upgrade jobs non-voting, since Rocky is not really maintained. This also removes them from the gate per the infra recommendations. The 'prechecks : Checking Docker version' task previously failed with Docker 20.10.0. The regex used to parse the version was returning 0.10.0, which is not above the minimum. The previous version of 19.x would have been parsed as 9.x, which is above the minimum. This change fixes the issue by matching the beginning and end of the version using \b. For Train and below additionally blacklist bandit 1.6.3 as it was improperly released as a universal wheel. [1] And also drop lower-constraints job as agreed during the PTG. [2] It started to fail. For Stein, add kolla to openstack_projects list in the deploy-guide, to fix the cross-project link. [1] PyCQA/bandit#663 [2] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018445.html Change-Id: I2a23eea7effb5b9a5e73361bcd48bd2e16d1569c Closes-Bug: 1907436 Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
This patch disables the lower-constraints job as it started failing and we agreed during the PTG to drop it anyway. [1] For Train and below additionally blacklist bandit 1.6.3 as it was improperly released as a universal wheel. [2] [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018445.html [2] PyCQA/bandit#663 Change-Id: Icfedd16ef9aed84e9f9be939e832c35e0d735efe Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/766180 (cherry picked from commit bc0a41c)
The 'prechecks : Checking Docker version' task previously failed with Docker 20.10.0. The regex used to parse the version was returning 0.10.0, which is not above the minimum. The previous version of 19.x would have been parsed as 9.x, which is above the minimum. This change fixes the issue by matching the beginning and end of the version using \b. For Train and below additionally blacklist bandit 1.6.3 as it was improperly released as a universal wheel. [1] And also drop lower-constraints job as agreed during the PTG. [2] It started to fail. [1] PyCQA/bandit#663 [2] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018445.html Depends-On: https://review.opendev.org/766180 Change-Id: I2a23eea7effb5b9a5e73361bcd48bd2e16d1569c Closes-Bug: 1907436 Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
1.7.0 is published, but need to track down a PyPI user with Owner role to yank 1.6.3
1.6.3 yanked. Thanks everyone
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I64da924b84d6a96d0440a562c0a7925406aff4c4
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt). [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I2df0f9778b029ea369492649041ed375dccef2a7
bandit 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. With the new pip dependency resolver (introduced in pip 20.3) the lower-constraints job started to fail. Problem is here with the 'install_command' in tox.ini, which uses both the upper- and lower- constraints files, causing the job to fail. This patch adds separate install_command without the upper constraints, so that only the lower-constraints.txt is used. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: If8738f5005e60cf46ed93edbefa272bc2611b53f
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I404810487e68042a2ae7de888a1225a0fcd23252
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I8762bad8821868c97af8114e49f51b6383df3e5c
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I0c50a5d70cd288cea3fe05a23dcb474cde176caa
bandit 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. With the new pip dependency resolver (introduced in pip 20.3) the lower-constraints job started to timeout and fail. This patch fixes package version constraint contradictions and add some new lower constraints to speed up pip's dependency resolution. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ib3ff3bd2df8954407e880a759082ef1eee3e76a1
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx and elasticsearch requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I8762bad8821868c97af8114e49f51b6383df3e5c (cherry picked from commit 30ffa27)
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ifd2bce1552e092a605f96d404ad12a4bbd03fe0c
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I86312e5f46d4e880fbe7d230a6ac7d6a2f3ba5ae
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I787a0276ec0a62bc9e2f068e4e4ee1219a306474
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I0c50a5d70cd288cea3fe05a23dcb474cde176caa (cherry picked from commit 53c69e7)
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ibdc46d188a6025a42a6c7244cb0700563f56b3d1
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ic49c9bffc970b34ffa85696e9f8abbd8e8a1a776
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Id83f06c2f7a120960083b05d01b311e733bd0369
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Id412a175c8b2a9c8c62105f5a6205b1330a9883f
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I4cdc6d038911283f3eeedbdf70fc6c24933f4d28
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ifde30bc88e77c027c3dce12417c0718f5ae56f23
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ia4a143d0c17e5471868d1508be1ec391d8c21090
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I12478b0b85aad91bcf71500e0cef59698c528417
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I3ee4f975ed968e73c553e12fdc53c03c1e4f8064
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Id39cd1f6ed61a3fa457f461fc8d399b550f3bb57
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ib53ba3d18179fd773ace2fc26479b60ecd4c820c
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I95461280d11b14199ba64a2da5709a1e2f4531df
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. sphinx requirement needed to be updated to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I787a0276ec0a62bc9e2f068e4e4ee1219a306474 (cherry picked from commit fba3b78)
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I69fde94a9a5b57ab131b56320a0d2ed2f8596729
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I543337fc3d6b6815de9b0bffe10ba09cda6b1821
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. lower-constraints job fixed with * correcting contradicting/missing constraints * setting default install_command to not use upper-constraints.txt [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ib2bad4cbd1ac9a63cd8c8e48f5cd5bf8c5cde595
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ib2bad4cbd1ac9a63cd8c8e48f5cd5bf8c5cde595
The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. With the introduction of the new dependency resolver in 20.3 pip the lower-constraints job starts to fail as now the constraints are working as they should. Multiple fixes needed: * lower-constraints job uses the [testenv]install_command, so it gives both the upper-constraints and lower-constraints, which causes the job to fail. As an easy fix install_command is added to this target without the upper constraints. * duplicate stestr constraint removed * cryptography lower constraint is bumped as with version 2.1 the new resolver of pip takes hours to install the packages * contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too * lower-constraints test job failed with error message: "[..] unexpected keyword argument 'barbican_endpoint_type'" which is due to old version of castellan. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I4b33c2544c911bd68ed8af4c754c9f5dc0c93be8
The 'prechecks : Checking Docker version' task previously failed with Docker 20.10.0. The regex used to parse the version was returning 0.10.0, which is not above the minimum. The previous version of 19.x would have been parsed as 9.x, which is above the minimum. This change fixes the issue by matching the beginning and end of the version using \b. For Train and below additionally blacklist bandit 1.6.3 as it was improperly released as a universal wheel. [1] [1] PyCQA/bandit#663 Change-Id: I2a23eea7effb5b9a5e73361bcd48bd2e16d1569c Closes-Bug: 1907436 Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com> (cherry picked from commit 00ee93b)
This patch has multiple fixes to unblock gate. 1. bandit We don't have bandit requirements in upper-constraints, so we need to cap it in stable branches manually to work with Python 2.7, as bandit 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4]. 2. pip resolver With the new pip resolver the following issues needed to be fixed: * SQLAlchemy-Utils constraint conflicts with rocky's upper constraints * bump lower constraint of cryptography * bump lower constraint of oslo.messaging * bump lower constraint of oslo.utils 3. lower-constraints In lower-constraints job lxml requires libxml2-dev and libxslt1-dev packages, so bindep.txt is extended with them. install_command needs to be added to lower-constraints tox target to work properly. 4. cinder-tempest-dsvm-lvm-lio-barbican Fix for overlapping CIDR issue in cinder-tempest-dsvm-lvm-lio-barbican is the same as in patch I068cf1e9618d305b5a9383c283bfa0f120bfe905. 5. pin nodeset to xenial for requirements-check job The default nodeset for zuul jobs is now ubuntu-focal, and requirements-check job fails on focal, because the mysql it contains is not compatible with the commands that is used in tools/test-setup.sh. This patch pins the nodeset to ubuntu-xenial for requirements-check job to make it pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ie597e778e3efa61bfd98eaaa92730b5050195e7a (cherry picked from commit a512bfc233fc76c4375388b8546ab9e60459e1d3)
From https://wheel.readthedocs.io/en/stable/user_guide.html : > If your project contains no C extensions and is expected to work on > both Python 2 and 3, you will want to tell wheel to produce universal > wheels by adding this to your setup.cfg file: > > [bdist_wheel] > universal = 1 Now that we no longer support Python 2, it's inappropriate for us to claim that our wheels are universal. Note that claiming that a wheel is universal when it's not has caused trouble for other projects in the past; see PyCQA/bandit#663
Describe the bug
When running using python 2.7, a pip install bandit picks up 1.6.3.
To Reproduce
It's been uploaded as a "universal wheel" which I think is the issue.
Expected behavior
An older version of bandit is picked up.
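A release-time check for the situation reported above, as an added example that is not part of the original issue or of bandit's code: it reads the Python tag from a wheel filename, combines it with the Requires-Python metadata, and lists the interpreters whose installer would still treat the wheel as a candidate. The package name `examplepkg`, the sample filenames and the metadata values are constructed; tag matching is simplified to the Python major version, and the specifier check covers only simple comma-separated `X.Y` clauses.

```python
import re

# PEP 427 name: {dist}-{version}(-{build})?-{python tag}-{abi tag}-{platform tag}.whl
WHEEL_RE = re.compile(
    r"^(?P<dist>[^-]+)-(?P<ver>[^-]+)(-(?P<build>\d[^-]*))?"
    r"-(?P<py>[^-]+)-(?P<abi>[^-]+)-(?P<plat>[^-]+)\.whl$"
)

def python_majors(filename):
    """Python major versions claimed by the wheel's (possibly compressed) python tag."""
    m = WHEEL_RE.match(filename)
    if not m:
        raise ValueError("not a wheel filename: %r" % filename)
    majors = set()
    for tag in m.group("py").split("."):        # "py2.py3" -> ["py2", "py3"]
        digit = re.match(r"^[a-z]+(\d)", tag)   # simplification: major version only
        if digit:
            majors.add(int(digit.group(1)))
    return majors

def _ver(text):
    return tuple(int(part) for part in text.split("."))

def requires_python_allows(spec, version):
    """Minimal Requires-Python evaluation (not a full PEP 440 implementation)."""
    if not spec:
        return True                             # no metadata means no interpreter filter
    v = _ver(version)
    for clause in spec.split(","):
        m = re.match(r"^\s*(>=|<=|!=|==|<|>)\s*([\d.]+?)(\.\*)?\s*$", clause)
        if not m:
            raise ValueError("unsupported clause: %r" % clause)
        op, target, wildcard = m.group(1), _ver(m.group(2)), m.group(3)
        if wildcard:                            # "==3.0.*" / "!=3.0.*" are prefix matches
            same = v[:len(target)] == target
            ok = same if op == "==" else not same
        else:
            ok = {">=": v >= target, "<=": v <= target, ">": v > target,
                  "<": v < target, "==": v == target, "!=": v != target}[op]
        if not ok:
            return False
    return True

def audit_release(filename, requires_python, supported_majors=(3,),
                  probe=("2.7", "3.6")):
    """Compare what the artifact claims with what the project supports."""
    majors = python_majors(filename)
    accepted = [i for i in probe
                if int(i.split(".")[0]) in majors
                and requires_python_allows(requires_python, i)]
    return {
        # interpreters that would install the wheel although unsupported
        "exposed": [i for i in accepted
                    if int(i.split(".")[0]) not in supported_majors],
        # tag claims a major the project dropped, even if metadata blocks it
        "misleading_tags": sorted(majors - set(supported_majors)),
    }

# Constructed samples: (wheel filename, Requires-Python metadata or None)
SAMPLES = [
    ("examplepkg-1.6.3-py2.py3-none-any.whl", None),
    ("examplepkg-1.6.3-py2.py3-none-any.whl", ">=3.5"),
    ("examplepkg-1.7.0-py3-none-any.whl", ">=3.5"),
]

if __name__ == "__main__":
    for name, spec in SAMPLES:
        print(name, spec, audit_release(name, spec))
```

Run as a gate before upload, a non-empty `exposed` list means the artifact would be selected on an interpreter the project no longer supports.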