Some critical packages should not be pinned in the bob recipe
Right now we pin everything but we should not pin
# aggressive_update_packages (sequence: str)
# A list of packages that, if installed, are always updated to the
# latest possible version.
#
# aggressive_update_packages:
# - ca-certificates
# - certifi
# - openssl
these 3 packages since they are required to make sure environments will work over time.
I will assign it to you Tiago since you have a lot of energy ;)