[all][stable] bandit 1.6.3 drops py2 support

Lee Yarwood lyarwood at redhat.com
Wed Dec 9 13:59:04 UTC 2020


Hello all,

$subject [1][2] is breaking various <= stable/train jobs where we
attempt to pull bandit in while still using py2. This has been reported
upstream and it looks like the 1.6.3 release may end up being yanked.

If it isn't, I've proposed the following requirements change to try to
cap bandit to the 1.6.2 release, assuming this is safe to do on stable:

Cap bandit at 1.6.2 when using py2
https://review.opendev.org/c/openstack/requirements/+/766170

Cheers,

[1] https://github.com/PyCQA/bandit/releases/tag/1.6.3
[2] https://github.com/PyCQA/bandit/pull/615
[3] https://github.com/PyCQA/bandit/issues/663

-- 
Lee Yarwood                 A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76



