[stable-only] Cap bandit to 1.6.2 and fix requirements

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2
when using py2.

python-memcached versions needed to be fixed to make check-requirements
job passed.

Contradicting hacking (and thus flake8) lower constraint needed to be
fixed to match and make lower-constraints job pass.

[1] https://github.com/PyCQA/bandit/releases/tag/1.6.3
[2] https://github.com/PyCQA/bandit/pull/615o

Change-Id: I35780af8c858d44c3c5cb780af72d28e85693352

lower-constraints.txt

@@ -32,7 +32,7 @@ eventlet==0.18.2
 extras==1.0.0
 fasteners==0.14.1
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.0
 Flask==0.10
 funcparserlib==0.3.6
 future==0.16.0
@@ -40,7 +40,7 @@ futurist==1.2.0
 gitdb2==2.0.3
 GitPython==2.1.8
 greenlet==0.4.10
-hacking==0.12.0
+hacking==1.1.0
 idna==2.6
 imagesize==1.0.0
 iso8601==0.1.12
@@ -118,7 +118,8 @@ python-dateutil==2.7.0
 python-designateclient==2.7.0
 python-editor==1.0.3
 python-keystoneclient==3.15.0
-python-memcached==1.56
+python-memcached==1.56;python_version=='2.7'
+python-memcached==1.58;python_version>='3.4'
 python-mimeparse==1.6.0
 python-neutronclient==6.7.0
 python-subunit==1.2.0

requirements.txt

@@ -44,7 +44,8 @@ oslo.i18n>=3.15.3 # Apache-2.0
 oslo.context>=2.19.2 # Apache-2.0
 oslo.policy>=1.30.0 # Apache-2.0
 Werkzeug>=0.9 # BSD License
-python-memcached>=1.56 # PSF
+python-memcached>=1.56;python_version=='2.7' # PSF
+python-memcached>=1.58;python_version>='3.4' # PSF
 tooz>=1.58.0 # Apache-2.0
 debtcollector>=1.2.0 # Apache-2.0
 os-win>=3.0.0 # Apache-2.0

test-requirements.txt

@@ -15,7 +15,8 @@ testscenarios>=0.4 # Apache-2.0/BSD
 WebTest>=2.0.27 # MIT
 tempest>=17.1.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.3;python_version=='2.7' # Apache-2.0
+bandit>=1.1.0;python_version>='3.5' # Apache-2.0
 zake>=0.1.6 # Apache-2.0
 doc8>=0.6.0 # Apache-2.0
 Pygments>=2.2.0 # BSD license