fyi;It seems the new release of bandit (1.7.5) just came out and this introduces a new lint ruleto require defining the timeout parameter for all "requests" calls.This is currently affecting heat and quick search shows some of the other projects contain some codenot compliant with this rule(barbican, ceilometer, cinder, glance, manila, nova, ...).
Also, it seems we do not pin bandit by u-c for some reason this likely affects all stable branches.Actually I first noticed this when I tried to backport one fix to 2023.1 branch of heat...Thank you,Takashi