Hi I am trying to fix the CVE for SALT Unfortunatly this will need a backport of salt 3002.9 that in turn need: python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated) python3-attr (>= 19.1) I believe the first one used only for test could be solved For the second one, I think we should not update due to reverse depends What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ? Is it worthwhile ? Bastien [1] Package: automat Package: black Package: cfgrib Package: dhcpcanon Package: fiona Package: magic-wormhole Package: magic-wormhole-mailbox-server Package: pytest Package: python-hypothesis Package: python-service-identity Package: python-treq Package: python-zeep Package: rasterio Package: ufolib2
Attachment:
signature.asc
Description: This is a digitally signed message part.