[stable-only] Cap bandit and fix lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. Sphinx requirements also fixed to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ifd2bce1552e092a605f96d404ad12a4bbd03fe0c
openstack · Feb 24, 2021 · 8231396 · 8231396
1 parent abfec6a
commit 8231396
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -12,11 +12,11 @@ eventlet==0.18.2
 extras==1.0.0
 fasteners==0.7.0
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.0
 gitdb==0.6.4
 GitPython==1.0.1
 greenlet==0.4.10
-hacking==0.12.0
+hacking==1.1.0
 imagesize==0.7.1
 iso8601==0.1.11
 Jinja2==2.10

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -11,11 +11,12 @@ stestr>=2.0.0 # Apache-2.0
 
 # These are needed for docs generation/testing
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7'  # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 doc8>=0.6.0 # Apache-2.0
 reno>=2.5.0 # Apache-2.0
 
 coverage!=4.4,>=4.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0