Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is handled and breaks our use of it. Cap to the previous version until Bandit has fixed the problem. Sphinx 2.0 no longer works on python 2.7, so we need to start capping it there as well. Change-Id: Ib340f5822b124e78cd96ee12f9f033d5f313e238 Reference: https://github.com/PyCQA/bandit/pull/489
2019-05-13 17:02:59 +00:00 · 2019-05-13 17:02:59 +00:00 · fac974b1a0
parent 3280b697ac
commit fac974b1a0
2 changed files with 3 additions and 2 deletions
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@ -2,7 +2,8 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 # this is required for the docs build jobs
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 openstackdocstheme>=1.18.1 # Apache-2.0
 reno>=2.5.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -12,4 +12,4 @@ stestr>=2.0.0 # Apache-2.0
 eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT

 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0