mattrpav commented on code in PR #1937:
URL: https://github.com/apache/activemq/pull/1937#discussion_r3094433995
##########
pom.xml:
##########
@@ -58,6 +58,8 @@
<commons-collections-version>3.2.2</commons-collections-version>
<commons-dbcp2-version>2.14.0</commons-dbcp2-version>
<commons-io-version>2.21.0</commons-io-version>
+ <commons-lang3-version>3.20.0</commons-lang3-version>
Review Comment:
I really struggle with adding these dependencies back in for essentially one
method. I think we'd end up being tied to _their_ release cycle for security
patches and ActiveMQ get flagged for CVE vulnerability, even if we don't use
vulnerable methods.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
