You are viewing a plain text version of this content. The canonical link for it is here.

Posted to pr@jena.apache.org by "afs (via GitHub)" <gi...@apache.org> on 2023/01/24 14:13:32 UTC

[GitHub] [jena] afs commented on pull request #1728: fix(sec): upgrade org.apache.shiro:shiro-web to 1.11.0

afs commented on PR #1728:
URL: https://github.com/apache/jena/pull/1728#issuecomment-1402017323

   I'm surprises dependabot hasn't generated a change. It sent one another project but failed to notice when it was done and the PR didn't close.
   
   As @rvesse says, it does not affect Jena directly but it is good to update.
   
   > Ideally, no insecure libs should be used.
   
   That is impossible for javascript!
   Dependencies don't update to pick up their own dependencies for security patches.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For additional commands, e-mail: pr-help@jena.apache.org