Comment 6 for bug 1955556

After more digging than I'd hoped to do, I see that the Horizon team has been trying to update the xstatic-angular constraint in the master branch for 6 months. Help is probably needed to more urgently drive https://review.opendev.org/794258 to conclusion.

As for backporting patches to a stable branch of the openstack/xstatic-angular repository, I expect that should be possible but am unsure whether it's been done with any of the other xstatic-* packages in the past.

Input from Horizon's core security reviewers could be helpful on both these points, so I've subscribed them to the report.