You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/09/11 11:46:12 UTC

[GitHub] [dolphinscheduler] kezhenxu94 commented on pull request #11061: Bump aws-java-sdk-s3 from 1.12.160 to 1.12.261 in /dolphinscheduler-bom

kezhenxu94 commented on PR #11061:
URL: https://github.com/apache/dolphinscheduler/pull/11061#issuecomment-1242946968

   > @SbloodyS @kezhenxu94 would it be possible to comment on PRs when you close them to provide a reason? 
   
   Usually we leave comment when closing PRs, but for those opened by a bot dependabot, we don't comment, it's a bot.
   
   Upgrading a dependency involves updating licensing-related stuffs, these must be done by human beings.
   
   > Ideally, dolphinscheduler should use the newer aws-java-sdk-s3 jar. It's not even a big upgrade so the uptake in dolphinscheduler should be straightforward.
   > 
   > [GHSA-c28r-hw5m-5gv3](https://github.com/advisories/GHSA-c28r-hw5m-5gv3) is the security issue
   
   if you check the PRs, I've been upgrading dependencies these days, but that takes time, if you are willing to help, please open pull requests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org