[jira] [Commented] (BEAM-13659) Beam Dependency Update requests autobugs are sometimes unactionable

Kenneth Knowles (Jira) Thu, 13 Jan 2022 15:35:06 -0800


    [ 
https://issues.apache.org/jira/browse/BEAM-13659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475841#comment-17475841
 ]


Kenneth Knowles commented on BEAM-13659:
----------------------------------------

Interesting thought. We do want to know about vulnerabilities in our dependency 
chain. We don't want to be dealing with quite this level of management of every 
single transitive dep.

> Beam Dependency Update requests autobugs are sometimes unactionable 
> --------------------------------------------------------------------
>
>                 Key: BEAM-13659
>                 URL: https://issues.apache.org/jira/browse/BEAM-13659
>             Project: Beam
>          Issue Type: Bug
>          Components: dependencies
>            Reporter: Valentyn Tymofieiev
>            Priority: P2
>
> Example: https://issues.apache.org/jira/browse/BEAM-13274
> Unless we are willing to other projects in our the dependency chain, or we 
> won't be able to address these alerts.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (BEAM-13659) Beam Dependency Update requests autobugs are sometimes unactionable

Reply via email to