[stable-only] Cap bandit to 1.6.2, bump lower-constraints

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2
when using py2.

We also need to bump the lower constraint of keystoneauth1 since our
minimum version of openstacksdk, 0.17.0, depends on keystoneauth1>=3.8.0
and PyPI 20.1+ won't allow this to stand.

[1] https://github.com/PyCQA/bandit/releases/tag/1.6.3
[2] https://github.com/PyCQA/bandit/pull/615

Change-Id: Iad568c152d49c2fe5dd31dc9b05c07e3d4fd1a83
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>

lower-constraints.txt

@@ -38,7 +38,7 @@ jmespath==0.9.0
 jsonpatch==1.16
 jsonpointer==1.13
 jsonschema==2.6.0
-keystoneauth1==3.6.2
+keystoneauth1==3.8.0
 kombu==4.0.0
 linecache2==1.0.0
 MarkupSafe==1.0

requirements.txt

@@ -6,7 +6,7 @@ six>=1.10.0 # MIT
 
 Babel!=2.4.0,>=2.3.4 # BSD
 cliff!=2.9.0,>=2.8.0 # Apache-2.0
-keystoneauth1>=3.6.2 # Apache-2.0
+keystoneauth1>=3.8.0 # Apache-2.0
 openstacksdk>=0.17.0 # Apache-2.0
 osc-lib>=1.14.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0

test-requirements.txt

@@ -15,7 +15,7 @@ stestr>=1.0.0 # Apache-2.0
 testtools>=2.2.0 # MIT
 tempest>=17.1.0 # Apache-2.0
 osprofiler>=1.4.0 # Apache-2.0
-bandit!=1.6.0,>=1.1.0 # Apache-2.0
+bandit!=1.6.0,>=1.1.0,<=1.6.2 # Apache-2.0
 wrapt>=1.7.0 # BSD License
 
 # Install these to generate sphinx autodocs

tox.ini

@@ -138,7 +138,7 @@ import-order-style = pep8
 application_import_names = openstackclient
 
 [testenv:lower-constraints]
-basepython = python3
+basepython = python2.7
 deps =
   -c{toxinidir}/lower-constraints.txt
   -r{toxinidir}/test-requirements.txt