stankiewicz commented on PR #37969: URL: https://github.com/apache/beam/pull/37969#issuecomment-4461307215
I'm curious how we can move forward with this - @Abacn - as some users are nudging. Users care about fix for vulnerability - we should fix it. If we bump version that makes is breaking change for some users, e.g. wrong constructor is picked up (this is most scary change, rest is less dramatic)- how they would resolve it without fixing their code? This dependency is in runner, so possibly it's not that easy to exclude it and add older dependency. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
