| ▲ | pjmlp 3 days ago | |
Because in many companies that isn't a 5 second job changing a csproj file. It requires clearance from management to spend actual money, measured in the amount of hours of work of everyone involved doing this times the hourly rate, to update every single configuration file, CI/CD build scripts, do a QA round on staging environment to validate everything is working as it was already before, to finally to production delivery, and tell everyone the new version is now greenlight for development. Naturally having a security assessment that an upgrade is required is a good way to have that budget come to fruition. | ||
| ▲ | andix 3 days ago | parent [-] | |
I know that. But if you never upgrade, your project drowns in technical debt until the point where it only eats up money, and no changes can be implemented anymore. | ||