From bd4f3977c1eb9ecf747fee33fb28e0fdce4ad4d3 Mon Sep 17 00:00:00 2001
From: abraden <C-Albert.Braden@charter.com>
Date: Mon, 7 Dec 2020 19:20:44 +0000
Subject: [PATCH] Cap bandit to 1.6.3 (was Support CentOS 8.3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch is a backport of some parts of
the Train backport of I2d67b3ed7b7c521bc755ec9a87365c9962a9eeff, which
also includes some fixes for the fallout from the new pip resolver.

* cap bandit<1.6.3, since bandit no longer supports Python 2.

Change-Id: I2d67b3ed7b7c521bc755ec9a87365c9962a9eeff
Closes-Bug: #1907826
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Depends-On: https://review.opendev.org/767308
---
 test-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index b683991c86..5b5c85cf2c 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,7 +1,7 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-bandit!=1.6.3,>=1.1.0 # Apache-2.0
+bandit!=1.6.0,<1.6.3,>=1.1.0 # Apache-2.0
 bashate>=0.5.1 # Apache-2.0
 beautifulsoup4>=4.6.0 # MIT
 coverage!=4.4,>=4.0 # Apache-2.0