stable-only: Pin bandit

Since bandit 1.7.7, we have to install the basiline extra to use bandit-baseline. This was fixed in master, but for stable branches it may be better to use the known good version instead, to avoid updating stable branches when any breaking change is made in bandit. Change-Id: I07ff03007e4e7247ad4fcf0dba16b87a02e3179d
2024-01-30 11:13:20 +09:00 · 2024-01-30 11:13:20 +09:00 · 7a039ecb09
parent 99ded06e82
commit 7a039ecb09
1 changed files with 1 additions and 1 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -3,7 +3,7 @@
 # process, which may cause wedges in the gate later.
 # Hacking already pins down pep8, pyflakes and flake8
 hacking>=3.0.1,<3.1.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.7.7 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 nose>=1.3.7 # LGPL
 nosexcover>=1.0.10 # BSD