[stable-only] Cap bandit and fix lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt). [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I2df0f9778b029ea369492649041ed375dccef2a7
openstack · Jan 8, 2021 · 45eeda8 · 45eeda8
1 parent d907cb8
commit 45eeda8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -1,5 +1,5 @@
 bandit==1.4.0
-hacking==0.12.0
+hacking==1.1.0
 keystoneauth1==3.9.0
 oslo.config==5.2.0
 oslo.i18n==3.15.3

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -7,4 +7,4 @@ oslotest>=3.2.0 # Apache-2.0
 stestr>=1.0.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.4.0 # Apache-2.0
+bandit>=1.4.0,<=1.6.2 # Apache-2.0