nigzak commented on PR #27187: URL: https://github.com/apache/superset/pull/27187#issuecomment-1959534199
HI @dpgaspar that is bad to me, I am not allowed to deploy this version because it has a critical CVE inside ... so I must stay to superset 3.0.x ... (this has not included this dependency) I even don't know what others do ... but at least normally - as I know - deploying software which having critical or even high findings is not allowed - or only with "hard discussions" (more or less mostly only MAX for high or where no fix is avaiable). This "panda" thing I did not know yet so I sadly cannot discuss anything about this ... I tought it is a "normal" package like usual in requirements for pip As I understood as result this pull request then will be rejected and you will stay on the bad version - right? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
