michael-o commented on PR #170: URL: https://github.com/apache/maven-javadoc-plugin/pull/170#issuecomment-1327148884
> I submitted this PR as I wanted to contribute (as I have before). I find this change quite valuable, as small as it is. Project teams and organisations will always want library versions flagged in context of a CVE to be upgraded asap. Whether the library is in fact affected or not, they do not care. > > The experience on this PR, the wait times, the nitpicking and mocking of outside contributors feels very discouraging. > > @Neutius Hope you will have a new version soon with this issue fixed. One of the core issues with this PR was that you tried to sell as a security issue which it was not. It was a mere dependency upgrade to shut off stupid, superficial scanners. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
