[all][stable] bandit 1.6.3 drops py2 support

Sean Mooney smooney at redhat.com
Thu Dec 10 18:41:04 UTC 2020

On Thu, 2020-12-10 at 17:04 +0000, Jeremy Stanley wrote:
> On 2020-12-10 15:42:13 +0100 (+0100), Bernard Cafarelli wrote:
> [...]
> > This may get complicated to sort out, checking neutron cap [1], it failed
> > in grenade job when checking out bandit per swift requirements.
> > So it seems this one will need to be backported from the oldest affected
> > stable to train, with some "correct order" on packages - though if we need
> > it on 2 packages at same time to pass gates it may need overall capping?
> > 
> > [1] https://review.opendev.org/c/openstack/neutron/+/766218
> Oh wow, this is the first I've realized devstack installed
> test-requirements.txt for every project.
yep i have tried to stop it doing that a few times but apparently some project
rely on that which causes issue. eventually https://review.opendev.org/c/openstack/devstack/+/715469/
did make that change and where we can backport it i would be in favor of that but
this is not the first time that installing test requiremetn has broken dpeloyment due to linters.
in partical it has broken the compliation of dpdk and ovs where the  default linter configruution
broke make sicne it ran the test and style check failed.

>  That's a total mess since
> projects are totally encouraged to use different versions of test
> requirements where things like linters and static analyzers are
> concerned. Can't https://review.opendev.org/715469 be backported?

More information about the openstack-discuss mailing list