)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"2e46e95b9fb7d3bb0cc32aa47a3f65735ac0432a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"2150a7d3_34a8d754","updated":"2026-03-20 16:42:01.000000000","message":"Approving with my nearly approved DPL hat on :-)","commit_id":"c74c27a329430894aa7b9e16f61d23c0d2b35526"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"c033a501e4471c641080561f42ed82e8da299c5e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"52f2477f_822aa5a9","updated":"2026-03-20 16:38:54.000000000","message":"overriding PTL-approval since the reqs team is currently still leaderless, but I\u0027ll be release contact rsn","commit_id":"c74c27a329430894aa7b9e16f61d23c0d2b35526"}],"deliverables/gazpacho/requirements.yaml":[{"author":{"_account_id":17685,"name":"Elod Illes","email":"elod.illes@est.tech","username":"elod.illes"},"change_message_id":"66fb30efd5fa881a8d135e40e68fbe1a84caf2de","unresolved":true,"context_lines":[{"line_number":8,"context_line":"branches:"},{"line_number":9,"context_line":"  - name: stable/2026.1"},{"line_number":10,"context_line":"    location:"},{"line_number":11,"context_line":"      openstack/requirements: 754ae37e67ba08c1695698ea7a8ebe52efa711d9"},{"line_number":12,"context_line":"repository-settings:"},{"line_number":13,"context_line":"  openstack/requirements: {}"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e90f5677_3addbcba","line":11,"updated":"2026-03-20 15:47:00.000000000","message":"if i remember correctly we agreed that Django 4.2.29 bump [1] should get an RFE on last week\u0027s release meeting (though it was just release team\u0027s point of view, but i *think* Requirements team could also grant RFE for a PATCH version bump that covers CVE fixes for Django 4.2)\n\n[1] https://review.opendev.org/c/openstack/requirements/+/980133","commit_id":"c74c27a329430894aa7b9e16f61d23c0d2b35526"},{"author":{"_account_id":17685,"name":"Elod Illes","email":"elod.illes@est.tech","username":"elod.illes"},"change_message_id":"f68c15f1554c68341f651d0a005d634e1e43043a","unresolved":false,"context_lines":[{"line_number":8,"context_line":"branches:"},{"line_number":9,"context_line":"  - name: stable/2026.1"},{"line_number":10,"context_line":"    location:"},{"line_number":11,"context_line":"      openstack/requirements: 754ae37e67ba08c1695698ea7a8ebe52efa711d9"},{"line_number":12,"context_line":"repository-settings:"},{"line_number":13,"context_line":"  openstack/requirements: {}"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ca1ab1ab_a148f4dd","line":11,"in_reply_to":"4f997bcd_a06deec9","updated":"2026-03-20 17:26:44.000000000","message":"I still think that bumping Django version from 4.2.28 to 4.2.29 would not harm and horizon team requested it after the agreement was that it is too late to bump to 5.2.... but i acknowledge your decision. so let\u0027s cut the branch.","commit_id":"c74c27a329430894aa7b9e16f61d23c0d2b35526"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"c033a501e4471c641080561f42ed82e8da299c5e","unresolved":false,"context_lines":[{"line_number":8,"context_line":"branches:"},{"line_number":9,"context_line":"  - name: stable/2026.1"},{"line_number":10,"context_line":"    location:"},{"line_number":11,"context_line":"      openstack/requirements: 754ae37e67ba08c1695698ea7a8ebe52efa711d9"},{"line_number":12,"context_line":"repository-settings:"},{"line_number":13,"context_line":"  openstack/requirements: {}"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"4f997bcd_a06deec9","line":11,"in_reply_to":"e90f5677_3addbcba","updated":"2026-03-20 16:38:54.000000000","message":"As per fungi\u0027s comment, this isn\u0027t necessary, upper-constraints is not meant to track any security issues, other than possibly for openstack deliverables themselves. We will be able to bump Django to 5.x in master after branching and possibly bump to latest 4.x in the stable branch after the release to ensure better test coverage, but it also seems the testing has been happening in Debian already, so also that might not be necessary","commit_id":"c74c27a329430894aa7b9e16f61d23c0d2b35526"}]}