From fba3b78fad2356f2715270a6f7d1ffbc27f63fd5 Mon Sep 17 00:00:00 2001
From: Elod Illes <elod.illes@est.tech>
Date: Wed, 24 Feb 2021 09:11:25 +0100
Subject: [stable-only] Cap bandit to 1.6.2

The 1.6.3 [1] release has dropped support for py2 [2] but the release
is faulty and pip still picks it up for py2 [3][4], so cap to 1.6.2
when using py2.

sphinx requirement needed to be updated to make requirements-check job
pass.

[1] https://github.com/PyCQA/bandit/releases/tag/1.6.3
[2] https://github.com/PyCQA/bandit/pull/615
[3] https://github.com/PyCQA/bandit/issues/663
[4] https://github.com/PyCQA/bandit/issues/665

Change-Id: I787a0276ec0a62bc9e2f068e4e4ee1219a306474
---
 doc/requirements.txt  | 3 ++-
 test-requirements.txt | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/requirements.txt b/doc/requirements.txt
index 9a410c5..cacbf80 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 # These are needed for docs generation
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7'  # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4'  # BSD
 reno>=2.5.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
diff --git a/test-requirements.txt b/test-requirements.txt
index 9e062a9..21ed689 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -10,5 +10,5 @@ testtools>=2.2.0 # MIT
 coverage!=4.4,>=4.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
-- 
cgit v1.2.1