[all][stable] bandit 1.6.3 drops py2 support

Előd Illés elod.illes at est.tech
Thu Dec 10 17:29:48 UTC 2020

That patch looks promising! Thanks Jeremy!
We need to be careful though as that could involve some new errors.
I've found this mail [1] related to the mentioned patch with some errors 
and fixes.
If that's all, then maybe that is the best way forward to backport these 

@QA Team, what do you think? Are you aware of other possible issues?




On 2020. 12. 10. 18:04, Jeremy Stanley wrote:
> On 2020-12-10 15:42:13 +0100 (+0100), Bernard Cafarelli wrote:
> [...]
>> This may get complicated to sort out, checking neutron cap [1], it failed
>> in grenade job when checking out bandit per swift requirements.
>> So it seems this one will need to be backported from the oldest affected
>> stable to train, with some "correct order" on packages - though if we need
>> it on 2 packages at same time to pass gates it may need overall capping?
>> [1] https://review.opendev.org/c/openstack/neutron/+/766218
> Oh wow, this is the first I've realized devstack installed
> test-requirements.txt for every project. That's a total mess since
> projects are totally encouraged to use different versions of test
> requirements where things like linters and static analyzers are
> concerned. Can't https://review.opendev.org/715469 be backported?

More information about the openstack-discuss mailing list