From c304f11d0e7b4caf4b705e3a3dfdc0ffe8d78e06 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Wed, 9 Dec 2020 12:38:03 +0000 Subject: [PATCH] [stable-only] Cap bandit to 1.6.2 The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2 when using py2. Also fix sphinx doc requirements and xattr requirement to make requirements-check job pass. [1] https://github.com/PyCQA/bandit/releases/tag/1.6.3 [2] https://github.com/PyCQA/bandit/pull/615 Depends-On: https://review.opendev.org/c/openstack/devstack/+/768257 Closes-Bug: #1907438 Change-Id: I294d5350e2f418614e54ff7bdd47dff16bfdcdbc (cherry picked from commit 1f2326cd7cf5f8e32a55091f976f917093a0bede) --- doc/requirements.txt | 3 ++- requirements.txt | 2 +- test-requirements.txt | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/requirements.txt b/doc/requirements.txt index 13c167a85b..b6cb3e2d9f 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -2,7 +2,8 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. # this is required for the docs build jobs -sphinx>=1.6.2 # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD openstackdocstheme>=1.11.0 # Apache-2.0 reno>=1.8.0 # Apache-2.0 os-api-ref>=1.0.0 # Apache-2.0 diff --git a/requirements.txt b/requirements.txt index df5d26b69a..93fc05c029 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,7 +10,7 @@ PasteDeploy>=1.3.3 lxml>=3.4.1 requests>=2.14.2 # Apache-2.0 six>=1.9.0 -xattr>=0.4 +xattr>=0.4;sys_platform!='win32' # MIT PyECLib>=1.3.1 # BSD cryptography!=2.0,>=1.6 # BSD/Apache-2.0 ipaddress>=1.0.16;python_version<'3.3' # PSF diff --git a/test-requirements.txt b/test-requirements.txt index cf97918f03..b04b497a5c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -20,6 +20,6 @@ fixtures>=3.0.0 # Apache-2.0/BSD keystonemiddleware>=4.17.0 # Apache-2.0 # Security checks -bandit>=1.1.0 # Apache-2.0 +bandit>=1.1.0,<=1.6.2 # Apache-2.0 docutils>=0.11 # OSI-Approved Open Source, Public Domain