[evand]

I work for Canonical, but I also share maintainership of some snaps. From an automatic email I received recently: “A scan of this snap shows that it was built with packages from the Ubuntu archive that have since received security updates. The following lists new USNs for affected binary packages in each snap revision: … Simply rebuilding the snap will pull in the new security updates and resolve this. If your snap also contains vendored code, now might be a good time to review it for any needed updates.“

Yes, you don’t get that library update everywhere all at once, but this gives each vendor a chance to make sure that update actually works with their app.