Temporarily pin bandit to 1.5.1

A recent regression in bandit 1.6.0 permits the scanning of test files for vulnerabilities even when those files should be excluded using the '-x' flag. This change temporarily pins bandit to 1.5.1 in test-requirements.txt to get around this issue in the short term. This patch should be undone once bandit 1.6.1 is released, fixing this issue.
2025-12-10 13:23:15 +00:00 · 2019-05-09 10:40:19 -04:00
parent cd16b20a6b
commit a7f05ab7be
1 changed files with 1 additions and 1 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -6,4 +6,4 @@ fixtures
 mock
 slugs
 sphinx
-bandit
+bandit==1.5.1