enapps-enorman commented on PR #187: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/187#issuecomment-3224969350
> Is this sufficient reason to bump up the provided dependency? (which would also be good wrt features) I would bump it up. This type of thing was discussed a bit on the dev list at https://www.mail-archive.com/dev@sling.apache.org/msg135328.html The guidance was updated on the wiki at https://cwiki.apache.org/confluence/display/SLING/Dependabot to recommend bumping the versions of dependencies to be the oldest compatible version that does not have known security vulnerabilities. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
