SethFalco commented on PR #110: URL: https://github.com/apache/deltaspike/pull/110#issuecomment-1700430932
> I think it makes sense but while snakeyaml is extracted I'm also ok - btw v2 is out and fixes 1.33 CVE ;) Ahh nice, I tried to check Maven Central before, but it was down when I was working on this. Thanks for pointing that out! > I'm not sure it is worth the investment so I'll let you judge now. If we're willing to use SnakeYAML, I would _much_ prefer that, over the intricacies of writing the parser myself, even if derived from another project. But if other maintainers have any problem with this, do raise it, and I'll be willing to evaluate other options. I'm on the side of reducing maintenance by using the library, but I do appreciate the benefit of reducing code surface and dependency by going DIY. For now, I'll update this PR to the latest SnakeYAML version at least. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@deltaspike.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
