potiuk commented on issue #28381: URL: https://github.com/apache/airflow/issues/28381#issuecomment-1373698998
> @potiuk I don't personally have an issue with the risk inherent in the dependency - however in our environment (and it appears @JGoldman110 has the same issue) we are now blocked from using airflow in any form due to the automatic vulnerability scanners we have in place. I imagine this will also affect other consumers of the app.

Sure, I am not sure if you've noticed, but I am absolutely for migrating. And I would love this to happen. And I think this is the least such companies (who care for security of the open source projects they use for free) can do: help to upgrade such dependencies. I think your company would be a perfect candidate to either ask some of their employees to contribute a PR with migrating to newer/different swagger or to pay someone to do it. This is the absolute least such companies might do to both - help themselves and also give back to the community.

Especially if it is a blocker because of company security scanners - your company now has much bigger incentive to help fixing it because of those security scanning policies in place.

The issue is now marked as "good-first-issue" - because literally anyone (including - but not limited to - someone employed or paid by your company) can contribute a PR to update it.

Looking forward to it. And happy to review it when someone does it.
