autophagy commented on a change in pull request #16605:
URL: https://github.com/apache/flink/pull/16605#discussion_r678176088
##########
File path: pom.xml
##########
@@ -1619,6 +1621,7 @@ under the License.
so there's no benefit in us investing time into bumping these. -->
<include>org.yaml:snakeyaml:(,1.26]:*:test</include>
</includes>
+
<message>Older snakeyaml versions are not allow due to security
vulnerabilities.</message>
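Review bot: The `<message>` at the end of this hunk says older snakeyaml versions are not allowed, but the `<include>` two lines above it, `org.yaml:snakeyaml:(,1.26]:*:test`, lets exactly that range through in test scope. Someone who only sees the build failure cannot tell which version clears the rule or that test-scoped usage is exempt. Consider naming the version bound in the message and mentioning the test-scope exception there.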
Review comment:
Could maybe be worthwhile specifying the minimum version in the message?
Like "snakeyaml versions older than x.y", just for friendliness.
##########
File path: pom.xml
##########
@@ -1634,6 +1637,7 @@ under the License.
<excludes>
<exclude>com.fasterxml.jackson*:*:(,2.12.0]</exclude>
</excludes>
+
<message>Older jackson versions are not allow due to security
vulnerabilities.</message>
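Review bot: The exclude range `(,2.12.0]` closes with `]`, so 2.12.0 itself is rejected, while the message only says "Older jackson versions". Stating the bound in the message, for example "jackson 2.12.0 and older", would make it clear from the failure output alone that 2.12.0 does not pass and which version does.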
Review comment:
Same points here as for the snakeyaml comments.
##########
File path: pom.xml
##########
@@ -1619,6 +1621,7 @@ under the License.
so there's no benefit in us investing time into bumping these. -->
<include>org.yaml:snakeyaml:(,1.26]:*:test</include>
</includes>
+
<message>Older snakeyaml versions are not allow due to security
vulnerabilities.</message>
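Review bot: The only line this hunk adds is a blank line in front of `<message>`, and the message text itself is wrapped mid-sentence across two lines. If the blank line is meant as a visual separator, apply the same spacing to every rule in this block so the file stays consistent. Keeping the message on a single line also avoids a line break and indentation appearing in the middle of the failure output.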
Review comment:
Small grammar error: "not allowed" instead of "not allow"