patpatpat123 commented on PR #17:
URL:
https://github.com/apache/maven-resources-plugin/pull/17#issuecomment-1100837732
Hello @slachiewic,
Thank you for your comment. I just have some questions if you allow me.
I just downloaded the release version, 3.2.0.
I am seeing in the pom this:
https://github.com/apache/maven-resources-plugin/blob/master/pom.xml#L73
```3.1.0``` in both latest branch and 3.2.0.
Would it be possible it is set there?
Would it be possible to bump this version up? I tried on my local each and
every version of Maven, not runtime, but changing this line
```3.1.0```
I can confirm, out of the 24 possible versions above (and I tried all of
them) it is possible to bump it to 3.2.3 (once 3.2.5, things start failing)
May I ask if it is possible to create a PR and set:
```3.2.3``` please? It will help address few
CVEs.
Thank you
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org