crepererum commented on code in PR #16456:
URL: https://github.com/apache/datafusion/pull/16456#discussion_r2212938215


##########
Cargo.toml:
##########
@@ -167,7 +167,10 @@ recursive = "0.1.1"
 regex = "1.8"
 rstest = "0.25.0"
 serde_json = "1"
-sqlparser = { version = "0.55.0", default-features = false, features = ["std", 
"visitor"] }
+sqlparser = { git = 
"https://github.com/Dimchikkk/datafusion-sqlparser-rs.git";, branch = "v0.56.1", 
default-features = false, features = [
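Review bot: the new `sqlparser` entry replaces an immutable crates.io version with a `git` source on a personal fork selected by `branch = "v0.56.1"`, and a branch is a mutable reference: Cargo.lock records the commit that was resolved, but the branch head can be moved by the repository owner and any `cargo update` (or a build without the lock file) will pick up whatever it then points to. If a git dependency is unavoidable in the interim, pin it with `rev = "<commit sha>"` alongside (or instead of) `branch`, so the build is reproducible and any change to the parser source has to show up as a visible Cargo.toml edit; a published 0.56.1 on crates.io, as the review comment below suggests, is the better end state because crates.io releases cannot be changed after publication. Two smaller points on this hunk: the `";,` after the URL looks like a mail-rendering artifact rather than valid TOML and should be checked in the actual diff, and the `features = [` list is cut off here, so it cannot be verified that the `"std"` and `"visitor"` features from the removed line are still enabled.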

Review Comment:
   As an apache project, we should probably not depend on a personal repository 
where an individual controls the branches without any additional checks -- not 
because I personally distrust you but because the OSS world has seen its fair 
share of supply chain attacks and we should use best practice. I see two 
options forward:
   
   - use a branch within the apache org repo instead of your personal one
   - actually publish a 0.56.1 backport release to crates.io
   
   I would prefer the 2nd option. CC @alamb 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

