[stable-only] Cap bandit and fix lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I0c50a5d70cd288cea3fe05a23dcb474cde176caa
openstack · Jan 8, 2021 · 53c69e7 · 53c69e7
1 parent 8a88d0e
commit 53c69e7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -9,11 +9,11 @@ dulwich==0.15.0
 eventlet==0.18.2
 extras==1.0.0
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.0
 gitdb==0.6.4
 GitPython==1.0.1
 greenlet==0.4.10
-hacking==0.12.0
+hacking==1.1.0
 imagesize==0.7.1
 iso8601==0.1.11
 Jinja2==2.10

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -14,4 +14,4 @@ greenlet>=0.4.10 # MIT
 coverage!=4.4,>=4.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0