enapps-enorman commented on PR #149: URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845916081
> Just raising the dependencies to get rid of vulnerabilities is not useful! That is just not true at all. There is value in not getting a bunch of false positives from security scanning tools and having to explain the reason every time! Bumping the dependencies to a newer version is trivial and only has to be done once in a while and the dependabot does most of the work for you anyways. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
