cap bandit in test-requirements.txt

bandit is a linter and is listed in the "blacklist" from the
requirements repo, so it does not appear in the constraints lists.
Project teams are expected to manage the verions(s) allowed on their
own, to allow different teams to roll ahead to new versions as they can
rather than having the entire community do it in lock-step. This change
caps the version of bandit to the one available during the rocky
development cycle to avoid introducing the new rules from newer releases
into a stable branch.

Change-Id: Ia59de069b29f584cce21163a77812ec0ed243e65
This commit is contained in:
Slawek Kaplonski 2018-08-17 17:14:21 +02:00
parent 24aee13540
commit e789f92eb9

View File

@ -3,7 +3,7 @@
# process, which may cause wedges in the gate later. # process, which may cause wedges in the gate later.
hacking>=1.1.0 # Apache-2.0 hacking>=1.1.0 # Apache-2.0
bandit>=1.1.0 # Apache-2.0 bandit>=1.1.0,<1.5.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD fixtures>=3.0.0 # Apache-2.0/BSD
flake8-import-order==0.12 # LGPLv3 flake8-import-order==0.12 # LGPLv3