iemejia commented on pull request #13073: URL: https://github.com/apache/beam/pull/13073#issuecomment-727178225
I see, good to know there is awareness on the issue, thanks @suztomo. I wonder now if my forcing fix makes even sense since this PR has two goals (1) upgrade the dependency and (2) silence automatic security detectors from reporting this dependency as a security issue which clearly won't be the case at least for the hcatalog module if I force the previous version even if this is not at all a Beam problem. WDYT @aromanenko-dev shall we upgrade as it is to cover (1) for most of the other modules knowing that (2) would still be an issue for HCatalog? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org