Comment 3 for bug 1904327

Well, on train I think we still run CentOS 7 on py2, but Ubuntu is using py3.6. However you was saying about stein usage.

For this case I can only suggest adding msgpack==1.0 (or appropriate version) in https://opendev.org/openstack/openstack-ansible/src/branch/master/global-requirement-pins.txt
This file is used while building venvs and has prescedence.

We can't fix this in code since we shoould follow upper-constraints, which force us to use vulnerable version.