Blacklist bandit 1.6.0

There's a regression[0] in bandit 1.6.0 which causes bandit to stop respecting excluded directories, and our tests throw a bunch of violations. Blacklist this version, but allow newer versions as there is already a pull request[1] to fix it, and I expect it will be included in the next release. [0] https://github.com/PyCQA/bandit/issues/488 [1] https://github.com/PyCQA/bandit/pull/489 For additional details, refer to ML Thread[1] [1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html Change-Id: I01b3ee75aa52b2711bacbf26690ce55a4c3f336e
2019-05-13 22:03:33 +05:30 · 2019-05-13 22:03:33 +05:30 · 91a57e56e0
commit 91a57e56e0
parent ce00c5ab1c
2 changed files with 2 additions and 1 deletions
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -3,6 +3,7 @@ amqp==2.1.1
 appdirs==1.4.0
 asn1crypto==0.23.0
 Babel==2.3.4
+bandit==1.4.0
 cachetools==2.0.0
 cffi==1.7.0
 chardet==3.0.4
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -10,7 +10,7 @@
 hacking>=1.1.0 # Apache-2.0
 #
 astroid==2.1.0;python_version>='3.0' # LGPLv2.1
-bandit>=1.4.0 # Apache-2.0
+bandit!=1.6.0,>=1.4.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 doc8>=0.6.0 # Apache-2.0
 flake8-import-order==0.12 # LGPLv3