Update bandit to 1.7.0

The 322 test was not yet deprecated in our last pinned version (1.4.0) so removing it from the skip list in #5670 broke in local environments in which bandit wasn't upgraded (as is done each run in CI). Also, 1.4.0 didn't yet support glob patterns in bandit's --exclude option, so running it locally would take forever as the .venv directory was scanned.
freedomofpress · Dec 15, 2020 · 2921297 · 2921297
1 parent b24cbaa
commit 2921297
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/securedrop/requirements/python3/develop-requirements.txt b/securedrop/requirements/python3/develop-requirements.txt
@@ -48,9 +48,9 @@ attrs==20.2.0 \
     --hash=sha256:26b54ddbbb9ee1d34d5d3668dd37d6cf74990ab23c828c2888dccdceee395594 \
     --hash=sha256:fce7fc47dfc976152e82d53ff92fa0407700c21acd20886a13777a0d20e655dc \
     # via pytest
-bandit==1.4.0 \
-    --hash=sha256:cb977045497f83ec3a02616973ab845c829cdab8144ce2e757fe031104a9abd4 \
-    --hash=sha256:de4cc19d6ba32d6f542c6a1ddadb4404571347d83ef1ed1e7afb7d0b38e0c25b \
+bandit==1.7.0 \
+    --hash=sha256:216be4d044209fa06cf2a3e51b319769a51be8318140659719aa7a115c35ed07 \
+    --hash=sha256:8a4c7415254d75df8ff3c3b15cfe9042ecee628a1e40b44c15a98890fbfc2608 \
     # via -r requirements/python3/develop-requirements.in
 bcrypt==3.1.3 \
     --hash=sha256:05b35b9842b009b44496fa5433ce462f69966291e50fbd471dbb427f399f748f \