enapps-enorman commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845910165

   > e.g. a vulnerability in Commons IO or Commons Lang
   
   commons-io has not had a known security vulnerability since version 2.6 
(released on May 27, 2020)
   commons-lang3 has not had any known security vulnerabilities at all
   
   My impression is that people are using these guidelines as justification for 
not doing any work at all, or to prevent others from evolving the code to more 
modern dependencies.  
   
   For example, for SLING-12184 where you raised an objection about bumping up 
to a 5-year-old newer dependency and remain on a 12-year-old dependency!
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
