[stable-only] Cap bandit and fix lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt), which pulls in newer flake8, too. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 [3] PyCQA/bandit#663 [4] PyCQA/bandit#665 Change-Id: I404810487e68042a2ae7de888a1225a0fcd23252
openstack · Jan 8, 2021 · bbf30b5 · bbf30b5
1 parent 52680ce
commit bbf30b5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -5,10 +5,10 @@ coverage==4.0
 debtcollector==1.2.0
 extras==1.0.0
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.0
 gitdb==0.6.4
 GitPython==1.0.1
-hacking==0.12.0
+hacking==1.1.0
 ipaddress===1.0.17
 iso8601==0.1.11
 keystoneauth1==3.4.0

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -12,4 +12,4 @@ oslo.i18n>=3.15.3 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0