From 45eeda832a8f65fdfdcd79b1b4c9eb30cee09b09 Mon Sep 17 00:00:00 2001 From: Elod Illes Date: Fri, 8 Jan 2021 22:07:57 +0100 Subject: [PATCH] [stable-only] Cap bandit and fix lower-constraints The 1.6.3 [1] release has dropped support for py2 [2] but the release is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2 when using py2. Contradicting hacking version replaced (in lower-constraints.txt to match with test-requirements.txt). [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] https://github.com/PyCQA/bandit/pull/615 [3] https://github.com/PyCQA/bandit/issues/663 [4] https://github.com/PyCQA/bandit/issues/665 Change-Id: I2df0f9778b029ea369492649041ed375dccef2a7 --- lower-constraints.txt | 2 +- test-requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lower-constraints.txt b/lower-constraints.txt index 3c1e64e..d18738b 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -1,5 +1,5 @@ bandit==1.4.0 -hacking==0.12.0 +hacking==1.1.0 keystoneauth1==3.9.0 oslo.config==5.2.0 oslo.i18n==3.15.3 diff --git a/test-requirements.txt b/test-requirements.txt index 838e1e7..61b0b8f 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7,4 +7,4 @@ oslotest>=3.2.0 # Apache-2.0 stestr>=1.0.0 # Apache-2.0 # Bandit security code scanner -bandit>=1.4.0 # Apache-2.0 +bandit>=1.4.0,<=1.6.2 # Apache-2.0
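Review bot: the `hacking==1.1.0` bump in lower-constraints.txt cannot be verified from this patch alone. The test-requirements.txt hunk starts at line 7 and does not show the hacking entry that the commit message says this value should match. Please confirm that test-requirements.txt declares 1.1.0 as the hacking minimum. Since this fix is unrelated to the bandit cap, it would also be easier to backport and revert as its own change, or at least with the matching requirement line quoted in the commit message.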
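Review bot: the added `bandit>=1.4.0,<=1.6.2` line in test-requirements.txt carries no environment marker, so the cap applies on every interpreter, while the commit message says it is meant for py2 only. Any py3 job run from this branch would also be held to 1.6.2 of the security scanner. Splitting the entry into `bandit>=1.4.0,<=1.6.2;python_version<'3.0'` and `bandit>=1.4.0;python_version>='3.0'` would match the stated intent. A short comment next to the cap naming the upstream issue would tell the next maintainer when it can be lifted.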