If you see this:

The following security updates require Ubuntu Pro with 'esm-infra' enabled:

In short, it is telling you that the Ubuntu Core team has:

1. patched versions of packages with known vulnerabilities
2. made those improvements available for their Pro users/customers

If your Ubuntu machines are critical infrastructure for you, you should consider signing up for Ubuntu Pro.

If not, I think that makes it the perfect type of package update to “divert”:

File diversions are a way of forcing dpkg(1) not to install a file into its location, but to a diverted location. Diversions can be used through the Debian package scripts to move a file away when it causes a conflict. System administrators can also use it to override some package’s configuration file, or whenever some files (which aren’t marked as “conffiles”) need to be preserved by dpkg, when installing a newer version of a package which contains those files.

https://www.man7.org/linux/man-pages/man1/dpkg-divert.1.html

There are different ways to accomplish this, but I did it like this:

sudo dpkg-divert --divert /etc/apt/apt.conf.d/20apt-esm-hook.conf.bak --rename --local /etc/apt/apt.conf.d/20apt-esm-hook.conf

This ultimately results in not receiving the most-fast security update benefits from Ubuntu Pro, but you aren’t any less secure than you would’ve normally been before Ubuntu Pro existed – we all still qualify for & receive the same old updates from the same old original package maintainers like before.