Comment # 2 on bug 1206141 from Benjamin Greiner

Updating py7zr had been deferred because the new versions require many more
packages and calibre is the only consumer. (See
https://build.opensuse.org/request/show/989252)

But with the CVE, we can no longer wait. Submit request is here:
https://build.opensuse.org/request/show/1044074