[stable-only] Cap bandit and fix constraints

The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. With the introduction of the new dependency resolver in 20.3 pip the lower-constraints job starts to fail as now the constraints are working as they should. Multiple fixes needed: * lower-constraints job uses the [testenv]install_command, so it gives both the upper-constraints and lower-constraints, which causes the job to fail. As an easy fix install_command is added to this target without the upper constraints. * duplicate stestr constraint removed * cryptography lower constraint is bumped as with version 2.1 the new resolver of pip takes hours to install the packages * contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too * lower-constraints test job failed with error message: "[..] unexpected keyword argument 'barbican_endpoint_type'" which is due to old version of castellan. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I4b33c2544c911bd68ed8af4c754c9f5dc0c93be8
openstack-archive · Mar 20, 2021 · 43997de · 43997de
1 parent 4f69886
commit 43997de
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 9 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -7,15 +7,15 @@ astroid==1.3.8
 Babel==2.3.4
 bandit==1.1.0
 cachetools==2.0.1
-castellan==0.16.0
+castellan==0.18.0
 certifi==2018.1.18
 cffi==1.11.5
 chardet==3.0.4
 cliff==2.11.0
 cmd2==0.8.1
 contextlib2==0.5.5
 coverage==4.0
-cryptography==2.1
+cryptography==2.1.4
 debtcollector==1.2.0
 decorator==4.2.1
 deprecation==2.0
@@ -27,13 +27,13 @@ eventlet==0.18.2
 extras==1.0.0
 fasteners==0.14.1
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.0
 future==0.16.0
 futurist==1.6.0
 gitdb2==2.0.3
 GitPython==2.1.8
 greenlet==0.4.13
-hacking==0.12.0
+hacking==1.1.0
 idna==2.6
 imagesize==1.0.0
 iso8601==0.1.12
@@ -100,7 +100,7 @@ pyinotify==0.9.6
 pylint==1.4.5
 PyMySQL==0.7.6
 pyOpenSSL==17.5.0
-pyparsing==2.2.0
+pyparsing==2.4.2
 pyperclip==1.6.0
 python-barbicanclient==4.6.0
 python-congressclient==1.9.0
@@ -135,7 +135,6 @@ sqlalchemy-migrate==0.11.0
 SQLAlchemy==1.0.10
 sqlparse==0.2.4
 statsd==3.2.2
-stestr==2.0.0
 stevedore==1.20.0
 Tempita==0.5.2
 tenacity==4.4.0

diff --git a/requirements.txt b/requirements.txt
@@ -22,7 +22,7 @@ keystonemiddleware>=4.17.0 # Apache-2.0
 testtools>=2.2.0 # MIT
 yaql>=1.1.3 # Apache 2.0 License
 debtcollector>=1.2.0 # Apache-2.0
-cryptography>=2.1 # BSD/Apache-2.0
+cryptography>=2.1.4 # BSD/Apache-2.0
 
 # For paste.util.template used in keystone.common.template
 Paste>=2.0.2 # MIT
@@ -48,4 +48,4 @@ oslo.i18n>=3.15.3 # Apache-2.0
 oslo.log>=3.36.0 # Apache-2.0
 oslo.upgradecheck>=0.1.0 # Apache-2.0
 semantic-version>=2.8.2 # BSD
-castellan>=0.16.0 # Apache-2.0
+castellan>=0.18.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
@@ -18,7 +18,7 @@ pycodestyle>=2.0.0 # MIT License
 requests>=2.14.2 # Apache-2.0
 stestr>=1.0.0 # Apache-2.0
 murano-pkg-check>=0.3.0 # Apache-2.0
-bandit>=1.1.0,!=1.6.0 # Apache-2.0
+bandit>=1.1.0,!=1.6.0,<=1.6.2 # Apache-2.0
 
 # Some of the tests use real MySQL and Postgres databases
 PyMySQL>=0.7.6 # MIT License

diff --git a/tox.ini b/tox.ini
@@ -133,6 +133,7 @@ commands = bindep test
 usedevelop = False
 
 [testenv:lower-constraints]
+install_command = pip install {opts} {packages}
 basepython = python3
 deps =
   -c{toxinidir}/lower-constraints.txt