On Fri, 2021-03-26 at 16:45 +0000, Robin H. Johnson wrote: > On Fri, Mar 26, 2021 at 09:27:39AM +0100, Michał Górny wrote: > > # Michał Górny <mgo...@gentoo.org> (2021-03-26) > > # Pins to a vulnerable version of dev-python/urllib3. No maintainer > > # in Gentoo. > > # Removal on 2021-04-25. Bug #714860. > > dev-python/elasticsearch-curator > Can you hold off a bit on this one? > > The latest version in the tree IS the latest version upstream, and they > only made progress in the urllib3 issue in the past week: > https://github.com/elastic/curator/pull/1595 > https://github.com/elastic/curator/issues/1589 > > Hopefully they'll get a new version out within the next few weeks.
I don't see a problem delaying the removal. However, the previous package maintainer resigned, so nothing's going to happen unless someone decides to take it. Then, it really needs porting to non-vulnerable urllib3 version. -- Best regards, Michał Górny
