Fix lower-constraints & requirements

Bump some lower-constraints because of the new pip release.

Cap bandit because new releases don't support python 2.7.
Fix bandit command line in tox config to exclude files from the tests/
directory.

Change-Id: If830a35fbcb679943e94adb821755eadf828c248

lower-constraints.txt

@@ -3,7 +3,7 @@ alembic==0.8.10
 amqp==2.2.2
 appdirs==1.4.3
 asn1crypto==0.24.0
-astroid==1.3.8
+astroid==1.6
 automaton==1.14.0
 Babel==2.3.4
 bandit==1.4.0
@@ -25,7 +25,7 @@ debtcollector==1.19.0
 decorator==4.2.1
 deprecation==2.0
 diskimage-builder==1.1.2;python_version=='2.7'
-diskimage-builder==1.26.0;python_version>='3.0'
+diskimage-builder==2.27.0;python_version>='3.0'
 distro===1.2.0
 doc8==0.6.0
 docutils==0.14
@@ -35,7 +35,7 @@ eventlet==0.20.0
 extras==1.0.0
 fasteners==0.14.1
 fixtures==3.0.0
-flake8==2.5.5
+flake8==2.6.2
 flake8-import-order==0.12
 Flask==0.10
 future==0.16.0
@@ -45,7 +45,7 @@ gitdb2==2.0.3
 GitPython==2.1.8
 greenlet==0.4.13
 gunicorn==19.9.0
-hacking==0.12.0
+hacking==1.1.0
 idna==2.6
 imagesize==1.0.0
 ipaddress==1.0.17
@@ -63,7 +63,7 @@ linecache2==1.0.0
 logilab-common==1.4.1
 logutils==0.3.5
 Mako==1.0.7
-MarkupSafe==1.0
+MarkupSafe==1.1.0
 mccabe==0.4.0
 mock==2.0.0
 monotonic==1.4
@@ -89,7 +89,7 @@ oslo.messaging==6.3.0
 oslo.middleware==3.31.0
 oslo.policy==1.30.0
 oslo.reports==1.18.0
-oslo.serialization==2.18.0
+oslo.serialization==2.28.1
 oslo.service==1.30.0
 oslo.upgradecheck==0.1.0
 oslo.utils==3.33.0
@@ -108,7 +108,7 @@ psutil==5.4.3
 pyasn1==0.1.8
 pyasn1-modules==0.0.6
 pycadf==2.7.0
-pycodestyle==2.3.1
+pycodestyle==2.0.0
 pycparser==2.18
 pydot==1.2.4
 pyflakes==1.0.0
@@ -168,7 +168,7 @@ urllib3==1.22
 vine==1.1.4
 voluptuous==0.11.1
 waitress==1.1.0
-warlock==1.3.0
+warlock==1.3.1
 WebOb==1.7.1
 WebTest==2.0.29
 Werkzeug==0.14.1

requirements.txt

@@ -25,7 +25,7 @@ oslo.messaging>=6.3.0 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
 oslo.policy>=1.30.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
-oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
+oslo.serialization>=2.28.1 # Apache-2.0
 oslo.upgradecheck>=0.1.0 # Apache-2.0
 oslo.utils>=3.33.0 # Apache-2.0
 pyasn1!=0.2.3,>=0.1.8 # BSD
@@ -40,7 +40,7 @@ WSME>=0.8.0 # MIT
 Jinja2>=2.10 # BSD License (3 clause)
 taskflow>=2.16.0 # Apache-2.0
 diskimage-builder>=1.1.2,!=1.6.0,!=1.7.0,!=1.7.1,<3.0.0;python_version=='2.7' # Apache-2.0
-diskimage-builder>=1.26.0;python_version>='3.0' # Apache-2.0
+diskimage-builder>=2.27.0;python_version>='3.0' # Apache-2.0
 futures>=3.0.0;python_version=='2.7' or python_version=='2.6' # BSD
 castellan>=0.16.0 # Apache-2.0
 tenacity>=5.0.4  # Apache-2.0

test-requirements.txt

@@ -16,7 +16,7 @@ testtools>=2.2.0 # MIT
 testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
 doc8>=0.6.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0
 tempest>=17.1.0 # Apache-2.0
 # Required for pep8 - doc8 tests
 sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7'  # BSD

tox.ini

@@ -80,7 +80,7 @@ commands = flake8
            doc/source octavia  CONSTITUTION.rst HACKING.rst README.rst \
            TESTING.rst
            # Run security linter
-           bandit -r octavia -ll -ii -x 'octavia/tests/*'
+           {[testenv:bandit]commands}
            # Make sure specs follow our template
            find . -type f -name "*.pyc" -delete
            python -m unittest specs-tests.test_titles
@@ -150,7 +150,7 @@ commands =
 
 [testenv:bandit]
 basepython = python3
-commands = bandit -r octavia -ll -ii -x octavia/tests {posargs}
+commands = bandit -r octavia -ll -ii -x tests
 
 [flake8]
 # [H104]: Empty file with only comments