There's a regression in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request to fix it, and I expect it will be included in
the next release.
Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.
Co-Authored-By: Jake Yip <firstname.lastname@example.org>
(cherry picked from commit 913636b6b1fdcdbcfed951ad1ca68a5f84f7b8e0)
(cherry picked from commit eec7184fbc2de00d30752f16160c9553bdd2df7d)