On Thu, Mar 19, 2026 at 11:27 AM Jacques Le Roux via dev < [email protected]> wrote:
> [...] > Why would you want to remove it? > Hi Jacques, My concern is mainly about keeping a dependency that is known to be vulnerable and abandoned, regardless of its current usage. Even if it’s not exposed OOTB, it will still be flagged by security tools, create noise, and may give users the impression that it’s safe to use. Since it’s unlikely to be fixed upstream, it also adds unnecessary technical debt. Given that it’s not essential, I think removing it would be the cleaner and safer option. Best regards, Jacopo
