+1 On Fri, Apr 24, 2026 at 3:15 AM Cheng Pan <[email protected]> wrote: > > +1 (non-binding) > > Java/Scala deps are controlled manually so it’s easy to audit, also looking > forward to a lock file (or similar things) for Python deps so we know which > exact version of deps are used for testing. > > Thanks, > Cheng Pan > > > > On Apr 24, 2026, at 18:03, Steve Loughran <[email protected]> wrote: > > > +1 (non binding) > > On Fri, 24 Apr 2026 at 00:03, Tian Gao via dev <[email protected]> wrote: >> >> Hi, as discussed in >> https://lists.apache.org/thread/lwgqo36pqzlddtq2f8fxy6c1jj8go4x6 , I'm >> proposing a vote for a buffer time to upgrade our dependencies. >> >> The proposal is: >> For the apache/spark repo only, we can only upgrade third-party dependencies >> (including Apache projects) to a version released at least seven days ago. >> This covers Java, Python and all other dependencies. Security upgrades are >> exempted and will be conducted by PMCs. >> >> [ ] +1: approve >> [ ] 0: no opinion >> [ ] - 1: disapprove >> >> This is a procedural vote (no code change) so we need a simple majority >> (more +1s than -1s). >> >> Tian > >
--------------------------------------------------------------------- To unsubscribe e-mail: [email protected]
