PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0
6.52k stars 612 forks

Bandit with python 3.6 cannot be installed #960

Closed AbdealiLoKo closed 2 years ago

AbdealiLoKo commented 2 years ago

### Describe the bug

Installing bandit with python 3.6 throws an error.

### Reproduction steps

```
$ ~/python36/bin/python -m venv venv

$ venv/bin/python -V
Python 3.6.5 :: Anaconda, Inc.

$ venv/bin/pip install bandit
Collecting bandit
  Cache entry deserialization failed, entry ignored
  Cache entry deserialization failed, entry ignored
  Downloading https://files.pythonhosted.org/packages/1b/b7/be70ee3cc87607ffc474d95ca0ce4d06c2fcad8163cc6b47a99470f09826/bandit-1.7.2-py3-none-any.whl (113kB)
    100% |████████████████████████████████| 122kB 1.9MB/s
bandit requires Python '>=3.7' but the running Python is 3.6.5
```


### Expected behavior

I understand that python 3.6 is end of life, but I would have expected an older version of bandit to be installed and work.
Currently what it looks like is that it is downloading bandit==1.7.2 and that is not working with python 3.6,
which is pretty weird.

### Bandit version

1.7.2

### Python version

3.6

### Additional context

I still have some CI setups that use the older version of python.
Yes, even though it is EOL... (I have limited influence in how much I can encourage my users to move to py 3.7+)

AbdealiLoKo commented 2 years ago

After discussing with some folks at pantsbuild, I realized the issue was the pip version. When I create a venv, the pip version is quite old by default:

```
$ ~/python36/bin/pip -V
pip 21.0.1
$ venv/bin/pip -V
pip 9.0.3
```

Doing `venv/bin/pip install -U pip` got me pip 21.3.1, which works fine.