[stable-only] Cap bandit and fix lower-constrains

bandit 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. With the new pip dependency resolver (introduced in pip 20.3) the lower-constraints job started to timeout and fail. This patch fixes package version constraint contradictions and add some new lower constraints to speed up pip's dependency resolution. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: Ib3ff3bd2df8954407e880a759082ef1eee3e76a1
openstack · Jan 14, 2021 · cff32e1 · cff32e1
1 parent 13d48f8
commit cff32e1
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -15,7 +15,7 @@ cliff==2.11.0
 cmd2==0.8.1
 contextlib2==0.5.5
 coverage==4.0
-cryptography==2.1
+cryptography==2.1.4
 cursive==0.2.1
 ddt==1.0.1
 debtcollector==1.19.0
@@ -57,7 +57,9 @@ MarkupSafe==1.0
 mccabe==0.2.1
 mock==2.0.0
 monotonic==1.4
+mox3==0.20.0
 msgpack==0.5.6
+msgpack-python==0.5.6
 netaddr==0.7.19
 netifaces==0.10.6
 networkx==1.11
@@ -70,7 +72,7 @@ os-win==3.0.0
 oslo.cache==1.29.0
 oslo.concurrency==3.26.0
 oslo.config==5.2.0
-oslo.context==2.19.2
+oslo.context==2.22.0
 oslo.db==4.27.0
 oslo.i18n==3.15.3
 oslo.log==3.36.0
@@ -116,9 +118,9 @@ python-glanceclient==2.15.0
 python-keystoneclient==3.15.0
 python-mimeparse==1.6.0
 python-novaclient==9.1.0
-python-subunit==1.2.0
+python-subunit==1.3.0
 python-swiftclient==3.2.0
-pytz==2013.6
+pytz==2015.7
 pyudev==0.21.0
 PyYAML==3.12
 reno==2.5.0
@@ -130,6 +132,7 @@ rfc3986==1.1.0
 Routes==2.3.1
 rsa==3.4.2
 rtslib-fb==2.1.65
+simplejson==3.5.1
 six==1.10.0
 smmap2==2.0.3
 snowballstemmer==1.2.1
@@ -138,7 +141,7 @@ sphinx-feature-classification==0.1.0
 sphinxcontrib-websupport==1.0.1
 sqlalchemy-migrate==0.11.0
 SQLAlchemy==1.0.10
-SQLAlchemy-Utils==0.36.1
+SQLAlchemy-Utils==0.33.11
 sqlparse==0.2.4
 statsd==3.2.2
 stestr==2.2.0

diff --git a/requirements.txt b/requirements.txt
@@ -18,7 +18,7 @@ lxml!=3.7.0,>=3.4.1 # BSD
 oauth2client!=4.0.0,>=1.5.0 # Apache-2.0
 oslo.config>=5.2.0 # Apache-2.0
 oslo.concurrency>=3.26.0 # Apache-2.0
-oslo.context>=2.19.2 # Apache-2.0
+oslo.context>=2.22.0 # Apache-2.0
 oslo.db>=4.27.0 # Apache-2.0
 oslo.log>=3.36.0 # Apache-2.0
 oslo.messaging>=6.4.0 # Apache-2.0
@@ -44,7 +44,7 @@ python-glanceclient>=2.15.0 # Apache-2.0
 python-keystoneclient>=3.15.0 # Apache-2.0
 python-novaclient>=9.1.0 # Apache-2.0
 python-swiftclient>=3.2.0 # Apache-2.0
-pytz>=2013.6 # MIT
+pytz>=2015.7 # MIT
 requests>=2.14.2,!=2.20.0 # Apache-2.0
 retrying!=1.3.0,>=1.2.3 # Apache-2.0
 Routes>=2.3.1 # MIT
@@ -63,5 +63,5 @@ os-win>=3.0.0 # Apache-2.0
 tooz>=1.58.0 # Apache-2.0
 google-api-python-client>=1.4.2 # Apache-2.0
 castellan>=0.16.0 # Apache-2.0
-cryptography>=2.1 # BSD/Apache-2.0
+cryptography>=2.1.4 # BSD/Apache-2.0
 cursive>=0.2.1 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
@@ -13,11 +13,11 @@ os-api-ref>=1.4.0 # Apache-2.0
 oslotest>=3.2.0 # Apache-2.0
 PyMySQL>=0.7.6 # MIT License
 psycopg2>=2.7 # LGPL/ZPL
-SQLAlchemy-Utils>=0.36.1 # BSD License
+SQLAlchemy-Utils>=0.33.11 # BSD License
 testtools>=2.2.0 # MIT
 testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 oslo.versionedobjects[fixtures]>=1.31.2 # Apache-2.0
 tempest>=17.1.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0
 reno>=2.5.0 # Apache-2.0