benweidig commented on PR #45: URL: https://github.com/apache/tapestry-5/pull/45#issuecomment-1771222694
We ran into the same issue after a recent pen test and updated it internally; there have been no issues so far. Initially, I thought about removing underscore.js altogether, as only a few methods appeared to be used. After a closer look, there are 23 methods used, and removing the library would introduce a breaking change anyway. So updating it is the better approach. For easier release management, I will create a Jira ticket this weekend to track the changes before merging the PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tapestry.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tapestry.apache.org For additional commands, e-mail: dev-h...@tapestry.apache.org
