capistrant commented on PR #18259: URL: https://github.com/apache/druid/pull/18259#issuecomment-3225082444
> @capistrant I had to upgrade those extra dependencies because `Cron Job ITs / security vulnerabilities` kept failing. I can alternatively suppress those. Let me know. Since the cron job ITs are not actually a part of a PR workflow in Druid, we can not concern this PR with things that are failing those workflow runs. Therefore, you should not even add suppressions for them to this PR. The only time you should add a suppression as a part of a feature PR is if something in the PR introduces a new CVE that we are both unable to resolve, and are comfortable suppressing if we think it is ok to do so (false positive, not exploitable, risk accepted, etc). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
