cap bandit in test-requirements.txt

bandit is a linter and is listed in the "blacklist" from the
requirements repo, so it does not appear in the constraints lists.
Project teams are expected to manage the verions(s) allowed on their
own, to allow different teams to roll ahead to new versions as they can
rather than having the entire community do it in lock-step. This change
caps the version of bandit to the one available during the rocky
development cycle to avoid introducing the new rules from newer releases
into a stable branch.

This patch also changes to use older keepalived version in functional
This issue is reported in bug 1788185.

It looks that current keepalived version which is available in
Ubuntu Xenial repositories (1:1.2.24-1ubuntu0.16.04.1) is broken
and cause failure of some functional tests in Neutron.
Details are in [1].
Older version works fine so as temporary solution we can use
this version in functional tests.

This issue don't happens on master and stable/rocky branch, as there
newer cloud-archive repo is used and it has newer version of keepalived
which works fine.


Change-Id: Ia59de069b29f584cce21163a77812ec0ed243e65
Closes-Bug: #1788185
(cherry picked from commit 159490502e)
Slawek Kaplonski 5 years ago committed by Brian Haley
parent e222dae2c4
commit 4bdd17a743

@ -3,7 +3,7 @@
# process, which may cause wedges in the gate later.
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
bandit>=1.1.0 # Apache-2.0
bandit>=1.1.0,<1.5.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
flake8-import-order==0.12 # LGPLv3