[stable-only] Cap bandit and make lower-constraints job non-voting

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2 when using py2. sphinx requirements needed to be changed in doc/requirements.txt to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 Closes-Bug: #1907438 Change-Id: Ie5221bf37c6ed9268a4aa0737ffcdd811e39360a
openstack · Jan 8, 2021 · c9f50e9 · c9f50e9
1 parent 051a51f
commit c9f50e9
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/.zuul.yaml b/.zuul.yaml
@@ -274,6 +274,13 @@
             irrelevant-files: *dsvm-irrelevant-files
         - tempest-slow-py3:
             irrelevant-files: *dsvm-irrelevant-files
+        - openstack-tox-lower-constraints:
+            # NOTE(elod.illes): with the introduction of the new dependency
+            # resolver in pip 20.3, the lower-constraints jobs start to fail
+            # as the constraint handling is now working as it should, thus
+            # revealing issues. Setting this to non-voting until the way
+            # forward is decided.
+            voting: false
         - grenade-py3:
             irrelevant-files: *dsvm-irrelevant-files
     gate:
@@ -287,6 +294,13 @@
             irrelevant-files: *dsvm-irrelevant-files
         - tempest-slow-py3:
             irrelevant-files: *dsvm-irrelevant-files
+        - openstack-tox-lower-constraints:
+            # NOTE(elod.illes): with the introduction of the new dependency
+            # resolver in pip 20.3, the lower-constraints jobs start to fail
+            # as the constraint handling is now working as it should, thus
+            # revealing issues. Setting this to non-voting until the way
+            # forward is decided.
+            voting: false
         - grenade-py3:
             irrelevant-files: *dsvm-irrelevant-files
     experimental:

diff --git a/doc/requirements.txt b/doc/requirements.txt
@@ -1,7 +1,8 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7'  # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 sphinxcontrib-actdiag>=0.8.5 # BSD
 sphinxcontrib-seqdiag>=0.8.4 # BSD
 sphinx-feature-classification>=0.2.0 # Apache-2.0

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -19,7 +19,7 @@ osprofiler>=1.4.0 # Apache-2.0
 testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 testtools>=2.2.0 # MIT
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0
 gabbi>=1.35.0 # Apache-2.0
 
 # vmwareapi driver specific dependencies