Well, on train I think we still run CentOS 7 on py2, but Ubuntu is using py3.6. However you was saying about stein usage.
For this case I can only suggest adding msgpack==1.0 (or appropriate version) in https://opendev.org/openstack/openstack-ansible/src/branch/master/global-requirement-pins.txt This file is used while building venvs and has prescedence.
We can't fix this in code since we shoould follow upper-constraints, which force us to use vulnerable version.
Well, on train I think we still run CentOS 7 on py2, but Ubuntu is using py3.6. However you was saying about stein usage.
For this case I can only suggest adding msgpack==1.0 (or appropriate version) in https:/ /opendev. org/openstack/ openstack- ansible/ src/branch/ master/ global- requirement- pins.txt
This file is used while building venvs and has prescedence.
We can't fix this in code since we shoould follow upper-constraints, which force us to use vulnerable version.