From 7580aa483bd883d6a653931b480c26c921fc45cc Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Mon, 13 May 2019 19:48:30 +0000
Subject: [PATCH] Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: Idead9b4198c6b05d72bae60dee06e5aebc223822
Reference: https://github.com/PyCQA/bandit/pull/489
(cherry picked from commit 1d7ca8a198419896346369311fccedea5a559f66)
(cherry picked from commit 3a22403be8f0c32581d108a2eb4d0674e9c00e40)
---
 test-requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index aea29ba0..ebea2304 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -12,9 +12,10 @@ coverage!=4.4,>=4.0 # Apache-2.0
 
 # These are needed for docs generation
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.5 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.5,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.5;python_version>='3.4' # BSD
 
 reno>=2.5.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0