Henrique, I should also ask: If you look at git master, is there anything you see that needs updating?
TY!
Gary

On 2023/11/23 02:31:26 Henrique Siqueira Santos wrote:
> I was wondering how the updates for some of the Apache Commons libraries work
> in regards to the vulnerabilities of dependencies of a library (in this case,
> commons-validator).
>
> Is it possible to create a pull request with only upgrades of dependencies of
> a library? For instance, in the commons-validator library, there are some
> dependencies which contain vulnerabilities such as jUnit. Is a pull request
> to upgrade jUnit from 4.13 to 4.13.2 valid?
>
> Another different example would be the commons-digester library which, from
> what I've seen, has the 3.3-SNAPSHOT version on its master branch which
> contains some upgrades to those vulnerable dependencies, but it hasn't been
> released yet.
>
> Is there a release cycle or release date planned for these changes?