jaimefjorge 4 days ago
Hey, thanks for testing! That's been my experience as well: it's very frequent to see libraries with vulnerable versions being introduced in code. What's also interesting is that, despite using incredible AI coding models like Sonnet 4, you still get CVEs in your code. Try this with Codacy Guardrails: "create a Java server using undertow". Thanks for testing. Please do share your feedback when you test further!
im3w1l 4 days ago
I mean, it's almost inherent to LLMs, right? Like, they only know about versions before their knowledge cutoff. I guess it's a big argument for not putting exact versions in files generated by LLMs, only major (+minor?)