Hi Christoph,

On Thu, 30 Apr 2026 at 11:30, Christoph Berg <[email protected]> wrote:
> python3-openpyxl is a direct build-dependency of pandas, if that
> helps. (It also considers build-depends-of-build-depends etc.)
>
> Sorry, I don't know an automated tool that would chase these chains,
> and I don't know enough of this part of the python ecosystem to make a
> better educated guess.

Again, that is useful. Thanks.

> My interest here is because the Autorm affects omnidb. If it turns out
> this bug doesn't actually break the world, we might be able to
> downgrade it.

I have looked at the bug and think we can downgrade the openpyxl to something less worrying. It is specific to that package's usage and I don't think it's really a problem for dependent packages like lava or omnidb.

BUT seems like Josenilson Ferreira da Silva has fixed it in salsa:

https://salsa.debian.org/science-team/openpyxl

[+cc Josenilson]

@Josenilson, do you want me to upload this change for you for openpyxl? I just wonder if you should propose the patch upstream and add that to the patch metadata, first.

Cheers!
Chris

--
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
