[stable-only] Cap bandit to 1.6.2, bump lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2 when using py2. We also need to bump the lower constraint of keystoneauth1 since our minimum version of openstacksdk, 0.17.0, depends on keystoneauth1>=3.8.0 and PyPI 20.1+ won't allow this to stand. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] PyCQA/bandit#615 Change-Id: Iad568c152d49c2fe5dd31dc9b05c07e3d4fd1a83 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
openstack · Jul 12, 2021 · a69cc3d · a69cc3d
1 parent 54bf2c0
commit a69cc3d
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/lower-constraints.txt b/lower-constraints.txt
@@ -38,7 +38,7 @@ jmespath==0.9.0
 jsonpatch==1.16
 jsonpointer==1.13
 jsonschema==2.6.0
-keystoneauth1==3.6.2
+keystoneauth1==3.8.0
 kombu==4.0.0
 linecache2==1.0.0
 MarkupSafe==1.0

diff --git a/requirements.txt b/requirements.txt
@@ -6,7 +6,7 @@ six>=1.10.0 # MIT
 
 Babel!=2.4.0,>=2.3.4 # BSD
 cliff!=2.9.0,>=2.8.0 # Apache-2.0
-keystoneauth1>=3.6.2 # Apache-2.0
+keystoneauth1>=3.8.0 # Apache-2.0
 openstacksdk>=0.17.0 # Apache-2.0
 osc-lib>=1.14.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -15,7 +15,7 @@ stestr>=1.0.0 # Apache-2.0
 testtools>=2.2.0 # MIT
 tempest>=17.1.0 # Apache-2.0
 osprofiler>=1.4.0 # Apache-2.0
-bandit!=1.6.0,>=1.1.0 # Apache-2.0
+bandit!=1.6.0,>=1.1.0,<=1.6.2 # Apache-2.0
 wrapt>=1.7.0 # BSD License
 
 # Install these to generate sphinx autodocs

diff --git a/tox.ini b/tox.ini
@@ -138,7 +138,7 @@ import-order-style = pep8
 application_import_names = openstackclient
 
 [testenv:lower-constraints]
-basepython = python3
+basepython = python2.7
 deps =
   -c{toxinidir}/lower-constraints.txt
   -r{toxinidir}/test-requirements.txt