lostluck commented on PR #26787: URL: https://github.com/apache/beam/pull/26787#issuecomment-1554835799
Sorry for the hasty initial reply (since deleted). When I see repeated PRs from the same person without any other comments, I assume SPAM. Remember, open source is community over code, and that requires interaction on both sides. This is much better! Thank you. I'll note that as this only affects the container image bootloader, which has limited interactions, and dependencies the likely hood of any of the patched CVEs being a relevant attack surface are minimal. https://go.dev/doc/devel/release#go1.20.minor A more interesting fix than one-off manual upgrades though, would be looking into simply automating the patch version upgrades for these last two bits of manual configuration, so a PR isn't needed all the time for the patch revisions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
