Robert Zych
@cla-bot check
I just signed and submitted the individual CLA.
@cla-bot check
@wendigo Let me know when your branch with a re-writer example is available.
No, the scan results don't include the versions to upgrade to. I'm in the process of upgrading calcite-core to 1.32.0 and should have updated scan results later today.
The dependencies of calcite-core 1.32.0 also have CVEs.
The only dependency that had to be whitelisted was avatica-core 1.24.0 as it couldn't be excluded without introducing a regression. It's CVE ([CVE-2022-39135](https://nvd.nist.gov/vuln/detail/CVE-2022-39135)) doesn't apply. Here are the upgrades and...
@snleee Of the dependencies that I upgraded, all but calcite-core hasn't been upgraded yet. I have created a [PR to upgrade calcite-core to the latest version (1.36.0)](https://github.com/apache/pinot/pull/12364), but because it...