JLLeitschuh commented on PR #5:
URL: https://github.com/apache/maven-project-utils/pull/5#issuecomment-1321164679

   > I am very tired of having static analysis tools run on repos and filing bugs or PRs that have no understanding of context.
   
   This is exactly why I don't file bugs. They do waste your time. I figured 
an easily mergeable pull request would be more palatable to maintainers 
because, in the worst case, it's a real vulnerability, and in the best case, 
it's still a valid security hardening.
   
   I've gotten significantly more pushback when the fix is exclusive to tests. 
I think I'll update the recipes to only generate test fixes when production 
code is also modified.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

