)]}'
{"test-requirements.txt":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"34013ade8ad868b95b26bd9d49a8394f46eccea5","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003e\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":2,"id":"dfbec78f_2a10f6a7","line":21,"updated":"2019-05-15 14:08:37.000000000","message":"This isn\u0027t managed by upper-constraints, so if we don\u0027t make this a \u0027\u003d\u003d\u0027, we will run into problems in the stable branches later when another breaking bandit is released.  (If you make the change, you should probably add a comment saying what\u0027s up so someone doesn\u0027t put up a patch to \"fix\" your \u0027\u003d\u003d\u0027.)","commit_id":"fb3907173100723b4e8ff803392495ae30041209"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b33b7b601dcdd726c6970f4601da9a25e7d36530","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003e\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":2,"id":"bfb3d3c7_6a945745","line":21,"in_reply_to":"bfb3d3c7_8acc2b8a","updated":"2019-05-20 07:23:45.000000000","message":"Done","commit_id":"fb3907173100723b4e8ff803392495ae30041209"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"881ddae88ff1cad8605804dd18d15ac689e4082e","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003e\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":2,"id":"bfb3d3c7_8acc2b8a","line":21,"in_reply_to":"bfb3d3c7_fd0eeb30","updated":"2019-05-20 07:22:31.000000000","message":"I see, requirements has blacklisted bandit[1]\nUpdating in next PS\n\n[1] https://github.com/openstack/requirements/blob/master/blacklist.txt#L4","commit_id":"fb3907173100723b4e8ff803392495ae30041209"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5a2a1900e19dcdd8259f334714fab3c21c466c93","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003e\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":2,"id":"bfb3d3c7_fd0eeb30","line":21,"in_reply_to":"dfbec78f_200b3724","updated":"2019-05-17 02:33:43.000000000","message":"Yes, but I think this is the behavior we want in the stable branches.  We could keep bandit\u003e\u003d1.6.0 in requrements.txt, but we would have to remember to change it to bandit\u003d\u003d1.6.0 (or whatever the working bandit version is) in stable/train as soon as stable/train is cut.  I think it\u0027s safer to set the \u003d\u003d here in master and then patch this file if a new version comes along that we want to use, and we will be able to see on that review whether the new version breaks stuff or not.\n\nThe problem is that the requirements team isn\u0027t monitoring bandit, so we need to do it ourselves.","commit_id":"fb3907173100723b4e8ff803392495ae30041209"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"2935901c4f54e87a5e1bc8982a40861f54ca83d9","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003e\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":2,"id":"dfbec78f_200b3724","line":21,"in_reply_to":"dfbec78f_2a10f6a7","updated":"2019-05-15 15:17:13.000000000","message":"won\u0027t the \u0027\u003d\u003d\u0027 will cause problem when new bandit versions will be available? IIUC it will always install 1.6.0 even when higher versions (1.7.0 ...) will be released.","commit_id":"fb3907173100723b4e8ff803392495ae30041209"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"7f8a013e07b6fe10045c5b7784f5bf44b373f08a","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003d\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":3,"id":"bfb3d3c7_c478cff9","line":21,"updated":"2019-05-20 15:16:45.000000000","message":"I suggest putting a comment before this, something like\n\n# bandit is not included in upper-constraints, so we need to pin it here to a known working version\n\nEither that or change the commit message subject to \"Pin bandit version\" and mention the above in the body of the commit message.  We just need something that makes it obvious why this is the only thing in test-requirements.txt with a \u0027\u003d\u003d\u0027, either via \u0027git blame\u0027 or right in the reader\u0027s face with a comment.","commit_id":"54c1b0951401d596ae3c89aa4c937858a21a79cb"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"3d14989dac1eea3dd296660af01b31dbd22f1ec3","unresolved":false,"context_lines":[{"line_number":18,"context_line":"testscenarios\u003e\u003d0.4 # Apache-2.0/BSD"},{"line_number":19,"context_line":"oslo.versionedobjects[fixtures]\u003e\u003d1.31.2 # Apache-2.0"},{"line_number":20,"context_line":"tempest\u003e\u003d17.1.0 # Apache-2.0"},{"line_number":21,"context_line":"bandit\u003d\u003d1.6.0 # Apache-2.0"},{"line_number":22,"context_line":"reno\u003e\u003d2.5.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":3,"id":"bfb3d3c7_35e31336","line":21,"in_reply_to":"bfb3d3c7_c478cff9","updated":"2019-05-20 16:57:35.000000000","message":"Done\nI prefer the comment here as done for hacking (flake8 is in hacking requirements) that is also blacklisted in requirements","commit_id":"54c1b0951401d596ae3c89aa4c937858a21a79cb"}]}