[stable-only] Cap bandit and make lower-constraints job non-voting

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2 when using py2. sphinx requirements needed to be changed in doc/requirements.txt to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] https://github.com/PyCQA/bandit/pull/615 Closes-Bug: #1907438 Change-Id: Ie5221bf37c6ed9268a4aa0737ffcdd811e39360a
2020-12-09 10:08:19 +00:00 · 2020-12-09 10:08:19 +00:00 · c9f50e98d2
parent 051a51f521
commit c9f50e98d2
3 changed files with 17 additions and 2 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -274,6 +274,13 @@
            irrelevant-files: *dsvm-irrelevant-files
        - tempest-slow-py3:
            irrelevant-files: *dsvm-irrelevant-files
+        - openstack-tox-lower-constraints:
+            # NOTE(elod.illes): with the introduction of the new dependency
+            # resolver in pip 20.3, the lower-constraints jobs start to fail
+            # as the constraint handling is now working as it should, thus
+            # revealing issues. Setting this to non-voting until the way
+            # forward is decided.
+            voting: false
        - grenade-py3:
            irrelevant-files: *dsvm-irrelevant-files
    gate:
@ -287,6 +294,13 @@
            irrelevant-files: *dsvm-irrelevant-files
        - tempest-slow-py3:
            irrelevant-files: *dsvm-irrelevant-files
+        - openstack-tox-lower-constraints:
+            # NOTE(elod.illes): with the introduction of the new dependency
+            # resolver in pip 20.3, the lower-constraints jobs start to fail
+            # as the constraint handling is now working as it should, thus
+            # revealing issues. Setting this to non-voting until the way
+            # forward is decided.
+            voting: false
        - grenade-py3:
            irrelevant-files: *dsvm-irrelevant-files
    experimental:
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@ -1,7 +1,8 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7'  # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 sphinxcontrib-actdiag>=0.8.5 # BSD
 sphinxcontrib-seqdiag>=0.8.4 # BSD
 sphinx-feature-classification>=0.2.0 # Apache-2.0
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -19,7 +19,7 @@ osprofiler>=1.4.0 # Apache-2.0
 testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 testtools>=2.2.0 # MIT
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0
 gabbi>=1.35.0 # Apache-2.0

 # vmwareapi driver specific dependencies