yuansc commented on PR #3: URL: https://github.com/apache/sling-org-apache-sling-scripting-javascript/pull/3#issuecomment-2490023738
Hello @rombert, Thank you for providing the reference and detailed explanations regarding the impacts of the dependencies update. Your insights are very helpful, and I completely agree that considering the broader user base and selecting libraries during packaging can better support those utilizing this project's work. The misleading vulnerabilities reported by the Maven repository (e.g., https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.scripting.javascript/3.1.4) are indeed problematic, which was a key motivator for this PR and aligns somewhat with @enapps-enorman's comments. With full respect for the process, I am okay with either dropping this PR or waiting for a vote—both options work for me. Thank you again for your guidance. Best regards, Scott Yuan -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
