From e789f92eb9de457bea9ca1985f58732b3eb87ef8 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Fri, 17 Aug 2018 17:14:21 +0200 Subject: [PATCH] cap bandit in test-requirements.txt bandit is a linter and is listed in the "blacklist" from the requirements repo, so it does not appear in the constraints lists. Project teams are expected to manage the verions(s) allowed on their own, to allow different teams to roll ahead to new versions as they can rather than having the entire community do it in lock-step. This change caps the version of bandit to the one available during the rocky development cycle to avoid introducing the new rules from newer releases into a stable branch. Change-Id: Ia59de069b29f584cce21163a77812ec0ed243e65 --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 5806b7c5038..dd8819e5f50 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -3,7 +3,7 @@ # process, which may cause wedges in the gate later. hacking>=1.1.0 # Apache-2.0 -bandit>=1.1.0 # Apache-2.0 +bandit>=1.1.0,<1.5.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 fixtures>=3.0.0 # Apache-2.0/BSD flake8-import-order==0.12 # LGPLv3