bandit is a linter and is listed in the "blacklist" from the
requirements repo, so it does not appear in the constraints lists.
Project teams are expected to manage the verions(s) allowed on their
own, to allow different teams to roll ahead to new versions as they can
rather than having the entire community do it in lock-step. This change
caps the version of bandit to the one available during the rocky
development cycle to avoid introducing the new rules from newer releases
into a stable branch.
This patch also changes to use older keepalived version in functional
This issue is reported in bug 1788185.
It looks that current keepalived version which is available in
Ubuntu Xenial repositories (1:1.2.24-1ubuntu0.16.04.1) is broken
and cause failure of some functional tests in Neutron.
Details are in .
Older version works fine so as temporary solution we can use
this version in functional tests.
This issue don't happens on master and stable/rocky branch, as there
newer cloud-archive repo is used and it has newer version of keepalived
which works fine.