Hi, as discussed in https://lists.apache.org/thread/lwgqo36pqzlddtq2f8fxy6c1jj8go4x6 , I'm proposing a vote for a buffer time to upgrade our dependencies.
The proposal is: For the apache/spark repo only, we can only upgrade third-party dependencies (including Apache projects) to a version released at least seven days ago. This covers Java, Python and all other dependencies. Security upgrades are exempted and will be conducted by PMCs. [ ] +1: approve [ ] 0: no opinion [ ] - 1: disapprove This is a procedural vote (no code change) so we need a simple majority (more +1s than -1s). Tian
