From d2e62c152ae5269411862d6bfc8d98b231637b14 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Wed, 15 May 2019 15:23:22 +0000
Subject: [PATCH] Cap Bandit below 1.6.0 and update Sphinx requirement

Bandit 1.6.0 accidentally changed how the exclusion list option is
handled and breaks our use of it. Cap to the previous version until
Bandit has fixed the problem.

Sphinx 2.0 no longer works on python 2.7, so we need to start capping
it there as well.

Change-Id: Ifdad77dfc957ed90da88efe729cc6b35e96f0392
Reference: https://github.com/PyCQA/bandit/pull/489
---
 doc/requirements.txt  | 3 ++-
 test-requirements.txt | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/requirements.txt b/doc/requirements.txt
index 9a410c5..263cc86 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 # These are needed for docs generation
 openstackdocstheme>=1.18.1 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 reno>=2.5.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
diff --git a/test-requirements.txt b/test-requirements.txt
index 8cbddcd..6f0580b 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -10,5 +10,5 @@ testtools>=2.2.0 # MIT
 coverage!=4.4,>=4.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.6.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0