Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is handled and breaks our use of it. Cap to the previous version until Bandit has fixed the problem. Sphinx 2.0 no longer works on python 2.7, so we need to start capping it there as well. Change-Id: I4ee88377e7123c165434765a73f27cabec8c8177 Reference: PyCQA/bandit#489
openstack · May 13, 2019 · 3e06753 · 3e06753
1 parent fcce95b
commit 3e06753
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/doc/requirements.txt b/doc/requirements.txt
@@ -4,7 +4,8 @@
 
 # For generating sphinx documentation
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 reno>=2.5.0 # Apache-2.0
 sphinxcontrib-apidoc>=0.2.0  # BSD
 

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -6,7 +6,7 @@ mock>=2.0.0 # BSD
 oslotest>=3.2.0 # Apache-2.0
 pifpaf>=0.10.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
 python-memcached>=1.56 # PSF
 pymongo!=3.1,>=3.0.2 # Apache-2.0