stable-only: Pin bandit

Since bandit 1.7.7, we have to install the basiline extra to use bandit-baseline. This was fixed in master, but for stable branches it may be better to use the known good version instead, to avoid updating stable branches when any breaking change is made in bandit. Change-Id: I07ff03007e4e7247ad4fcf0dba16b87a02e3179d (cherry picked from commit 7a039ecb09) (cherry picked from commit 363c1df7c9)
2024-01-30 11:13:20 +09:00 · 2024-01-30 11:13:20 +09:00 · 99c7a96667
parent c8579f5143
commit 99c7a96667
1 changed files with 1 additions and 1 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -3,7 +3,7 @@
 # process, which may cause wedges in the gate later.
 # Hacking already pins down pep8, pyflakes and flake8
 hacking>=3.0.1,<3.1.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<1.7.7 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 nose>=1.3.7 # LGPL
 nosexcover>=1.0.10 # BSD