Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is handled and breaks our use of it. Cap to the previous version until Bandit has fixed the problem. Sphinx 2.0 no longer works on python 2.7, so we need to start capping it there as well. Change-Id: Ib7f8df3fc5b83520b179d0a260c54e015c042b17 Reference: https://github.com/PyCQA/bandit/pull/489 (cherry picked from commit 016904f816)
2019-05-13 18:02:21 +00:00 · 2019-05-13 18:02:21 +00:00 · 85df3325e1
parent a94c3f15d3
commit 85df3325e1
2 changed files with 3 additions and 2 deletions
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 # These are needed for docs generation
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 reno>=2.5.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -9,4 +9,4 @@ coverage!=4.4,>=4.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0

 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0