pre-commit: Bump versions

... and use native hooks for bandit and hacking

Change-Id: Ife6cef2d51af967f3870b27d6f13efd9f5da8623

.pre-commit-config.yaml

@@ -1,15 +1,6 @@
-# We from the Oslo project decided to pin repos based on the
-# commit hash instead of the version tag to prevend arbitrary
-# code from running in developer's machines.  To update to a
-# newer version, run `pre-commit autoupdate` and then replace
-# the newer versions with their commit hash.
-
-default_language_version:
-  python: python3
-
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: 9136088a246768144165fcc3ecc3d31bb686920a # v3.3.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
       # Replaces or checks mixed line ending
@@ -27,13 +18,13 @@ repos:
       - id: debug-statements
       - id: check-yaml
         files: .*\.(yaml|yml)$
-  - repo: local
+  - repo: https://opendev.org/openstack/hacking
+    rev: 7.0.0
     hooks:
-      - id: flake8
+      - id: hacking
-        name: flake8
+        additional_dependencies: []
-        additional_dependencies:
+  - repo: https://github.com/PyCQA/bandit
-          - hacking>=6.1.0,<6.2.0
+    rev: 1.7.10
-        language: python
+    hooks:
-        entry: flake8
+      - id: bandit
-        files: '^.*\.py$'
+        args: ['-x', 'tests', '--skip', 'B303']
-        exclude: '^(doc|releasenotes|tools)/.*$'

test-requirements.txt

@@ -1,4 +1,3 @@
-hacking>=6.1.0,<6.2.0 # Apache-2.0
 oslotest>=3.2.0 # Apache-2.0
 testtools>=2.2.0 # MIT
 coverage>=4.0 # Apache-2.0
@@ -6,8 +5,3 @@ jsonschema>=3.2.0 # MIT
 stestr>=2.0.0 # Apache-2.0
 
 fixtures>=3.0.0 # Apache-2.0/BSD
-
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
-
-pre-commit>=2.6.0 # MIT

tox.ini

@@ -11,10 +11,10 @@ deps =
 commands = stestr run --slowest {posargs}
 
 [testenv:pep8]
+deps =
+  pre-commit>=2.6.0 # MIT
 commands =
   pre-commit run -a
-  # Run security linter
-  bandit -r oslo_versionedobjects tests -n5 --skip B303
 
 [testenv:venv]
 commands = {posargs}