From a6313baf656cc7dc96783489613027c9f6c1958a Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Mon, 13 May 2019 18:00:50 +0000
Subject: [PATCH] Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: Ib8da5b64084d5c9b7b7d896d6b7bb7844c0b9e90
Reference: https://github.com/PyCQA/bandit/pull/489
---
 doc/requirements.txt  | 3 ++-
 test-requirements.txt | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/requirements.txt b/doc/requirements.txt
index 2980a2df..e478ee6a 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -2,7 +2,8 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 openstackdocstheme>=1.18.1 # Apache-2.0
 reno>=2.5.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
diff --git a/test-requirements.txt b/test-requirements.txt
index ffbe9cc8..dab06dda 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -20,13 +20,14 @@ oslo.log>=3.36.0  # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 
 # this is required for the sphinx extension
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 
 # mocking framework
 mock>=2.0.0 # BSD
 requests_mock>=1.5.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0
 
 reno>=2.5.0 # Apache-2.0