From 3ed4676f93996b9f1d81a2826020d0c8cead4425 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Wed, 15 May 2019 15:56:42 +0000
Subject: Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: I719a8cff50dcc0dea62db14edf7b9ab35b72facd
Reference: https://github.com/PyCQA/bandit/pull/489
---
 doc/requirements.txt  | 3 ++-
 test-requirements.txt | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/requirements.txt b/doc/requirements.txt
index 6d85810..20f0c92 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -2,7 +2,8 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 # this is required for the docs build jobs
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 openstackdocstheme>=1.18.1 # Apache-2.0
 reno>=2.5.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
diff --git a/test-requirements.txt b/test-requirements.txt
index 767c41b..ce63b70 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -24,4 +24,4 @@ mock>=2.0.0 # BSD
 oslo.config>=5.2.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0
-- 
cgit v1.2.1