We pin to a specific version of Bandit for two reasons:
1) floating dependencies are a potential source of errors in a service like
Precaution; the version of a dependency you get depends on the time you
perform the installation, and a new release may introduce unanticipated
issues or failures. For example...
2) the most recent 1.6.0 release of Bandit is broken on our Travis CI, for
example see: https://travis-ci.org/vmware/precaution/builds/532278770
Signed-off-by: Joshua Lock <jlock@vmware.com>