gyokketto commented on PR #8991: URL: https://github.com/apache/pinot/pull/8991#issuecomment-1184237331
> So what is the conclusion here with this potentially conflicting with ongoing helix upgrade. Are we going to hold off massive dependency upgrades until helix upgrade finishes ? > > cc @jackjlli > > > With all those vulnerabilities we are not allowed to push our pinot deployment to higher environments. > > @gyokketto - Just want to clarify what this means. Does it mean we can't do a new Apache release until all of the problems called out in the above comment are fixed ? @siddharthteotia Sorry, I do not know about pinot's release priorities. We would like to see as many vulnerabilities eliminated as possible, but I can't judge what should be in the next release. I do not think this draft will ever be promoted to a pr, as many suggested breaking it down to smaller ones. The helix upgrade is a big one and it would probably make sense to have that before other changes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
