[stable-only] Cap bandit to 1.6.2, bump lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2 when using py2. We also need to bump the lower constraint of keystoneauth1 since our minimum version of openstacksdk, 0.17.0, depends on keystoneauth1>=3.8.0 and PyPI 20.1+ won't allow this to stand. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] https://github.com/PyCQA/bandit/pull/615 Change-Id: Iad568c152d49c2fe5dd31dc9b05c07e3d4fd1a83 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2026-01-16 23:13:05 +00:00 · 2021-07-06 17:12:16 +01:00 · 2021-07-06 17:12:16 +01:00 · a69cc3ddae
commit a69cc3ddae
parent 54bf2c054d
4 changed files with 4 additions and 4 deletions
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -38,7 +38,7 @@ jmespath==0.9.0
 jsonpatch==1.16
 jsonpointer==1.13
 jsonschema==2.6.0
-keystoneauth1==3.6.2
+keystoneauth1==3.8.0
 kombu==4.0.0
 linecache2==1.0.0
 MarkupSafe==1.0
--- a/requirements.txt
+++ b/requirements.txt
@ -6,7 +6,7 @@ six>=1.10.0 # MIT

 Babel!=2.4.0,>=2.3.4 # BSD
 cliff!=2.9.0,>=2.8.0 # Apache-2.0
-keystoneauth1>=3.6.2 # Apache-2.0
+keystoneauth1>=3.8.0 # Apache-2.0
 openstacksdk>=0.17.0 # Apache-2.0
 osc-lib>=1.14.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -15,7 +15,7 @@ stestr>=1.0.0 # Apache-2.0
 testtools>=2.2.0 # MIT
 tempest>=17.1.0 # Apache-2.0
 osprofiler>=1.4.0 # Apache-2.0
-bandit!=1.6.0,>=1.1.0 # Apache-2.0
+bandit!=1.6.0,>=1.1.0,<=1.6.2 # Apache-2.0
 wrapt>=1.7.0 # BSD License

 # Install these to generate sphinx autodocs
--- a/tox.ini
+++ b/tox.ini
@ -138,7 +138,7 @@ import-order-style = pep8
 application_import_names = openstackclient

 [testenv:lower-constraints]
-basepython = python3
+basepython = python2.7
 deps =
  -c{toxinidir}/lower-constraints.txt
  -r{toxinidir}/test-requirements.txt