Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is handled and breaks our use of it. Cap to the previous version until Bandit has fixed the problem. Sphinx 2.0 no longer works on python 2.7, so we need to start marking it there as well. Co-Authored-By: Hervé Beraud <hberaud@redhat.com> Co-Authored-By: Ben Nemec <openstack@nemebean.com> Reference: https://github.com/PyCQA/bandit/pull/489 Related to Ibaa10b092b262e49435d35f093906bb75dc9762f Change-Id: Ie3dd6c91c733b85c233213a1c6343009d5f34766
2019-05-10 11:31:00 +08:00 · 2019-05-10 11:31:00 +08:00 · 6aa2b7159c
parent 99eb0bc18e
commit 6aa2b7159c
1 changed files with 3 additions and 2 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -11,11 +11,12 @@ stestr>=2.0.0 # Apache-2.0

 # These are needed for docs generation/testing
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 doc8>=0.6.0 # Apache-2.0
 reno>=2.5.0 # Apache-2.0

 coverage!=4.4,>=4.0 # Apache-2.0

 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0