[tech debt] patch vendored tornado version

[dwoz]

We need to patch our vendored tornado version to account for CVE patches we've applied. This will prevent scan tools from reporting false positives.

[claudiawalsh491-ai]

Good catch, didn't notice this before

…

On Mon, Mar 16, 2026, 5:27 PM Daniel Wozniak ***@***.***> wrote: *dwoz* created an issue (saltstack/salt#68820) <#68820> We need to patch our vendored tornado version to account for CVE patches we've applied. This will prevent scan tools from reporting false positives. — Reply to this email directly, view it on GitHub <#68820>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B72HDPJ5CY6BUYA2UYF6LL34RB5WJAVCNFSM6AAAAACWT5JVT2VHI2DSMVQWIX3LMV43ASLTON2WKOZUGA4DKMJQGUZTCNY> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[corevibe555]

@claudiawalsh491-ai I'd love to work on this.

[claudiawalsh491-ai]

Thanks for taking this on

…

On Tue, Mar 17, 2026, 8:58 PM corevibe555 ***@***.***> wrote: *corevibe555* left a comment (saltstack/salt#68820) <#68820 (comment)> @claudiawalsh491-ai <https://github.com/claudiawalsh491-ai> I'd love to work on this. — Reply to this email directly, view it on GitHub <#68820 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B72HDPPFUUO7Y7PSEPLN62D4RH7EDAVCNFSM6AAAAACWT5JVT2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DANZZGEYTMMBYGU> . You are receiving this because you were mentioned.Message ID: ***@***.***>