From 683db4ae6c38f91f76ae618797077e128f483168 Mon Sep 17 00:00:00 2001 From: confi-surya Date: Tue, 14 May 2019 17:14:41 +0530 Subject: [PATCH] Blacklist bandit 1.6.0 There's a regression[0] in bandit 1.6.0 which causes bandit to stop respecting excluded directories, and our tests throw a bunch of violations. Blacklist this version, but allow newer versions as there is already a pull request[1] to fix it, and I expect it will be included in the next release. [0] https://github.com/PyCQA/bandit/issues/488 [1] https://github.com/PyCQA/bandit/pull/489 Change-Id: I4429614a57fb512fe2bfdf0686c3eff0adc2a2f4 --- doc/requirements.txt | 3 ++- test-requirements.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/requirements.txt b/doc/requirements.txt index 45d0110674..ab68d4701e 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -4,4 +4,5 @@ doc8>=0.6.0 # Apache-2.0 openstackdocstheme>=1.18.1 # Apache-2.0 reno>=2.5.0 # Apache-2.0 -sphinx!=1.6.6,>=1.6.2 # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD diff --git a/test-requirements.txt b/test-requirements.txt index fffd0c8204..18de5acca9 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,7 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -bandit>=1.1.0 # Apache-2.0 +bandit!=1.6.0,>=1.1.0 # Apache-2.0 bashate>=0.5.1 # Apache-2.0 beautifulsoup4>=4.6.0 # MIT coverage!=4.4,>=4.0 # Apache-2.0
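Review bot: The sphinx change in the doc/requirements.txt hunk is not covered by the commit message, which only describes blacklisting bandit 1.6.0. The two added lines exclude 1.6.7 and cap the Python 2.7 install at <2.0.0 without giving a reason. Either move this to its own change or add a sentence to the commit message explaining the 1.6.7 exclusion and the <2.0.0 cap. The two markers, python_version=='2.7' and python_version>='3.4', also leave no sphinx requirement for any other interpreter version, so confirm that gap is intended.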
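Review bot: The bandit!=1.6.0 exclusion in the test-requirements.txt hunk has no inline pointer to its reason, so a later reader of the file cannot tell when it is safe to drop. A comment above the line referencing https://github.com/PyCQA/bandit/issues/488 would make the exclusion traceable. The specifier still admits every release after 1.6.0 on the expectation stated in the commit message that the fix lands in the next one, so it is worth re-checking that excluded directories are respected once that release is published.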