Monday, June 8, 2026

AI, LLM create insecure software

First: AI and LLMs are a very powerful tool for software developers.

The following lines describe one limitation of LLMs in software development.

So that you are aware of it and can handle it properly.

I found this problem by accident: LLMs like qwen3-coder:30b generate code that uses outdated libraries and frameworks containing CVEs.

 

Conclusions 

  1. LLMs are not perfect at writing code, but don't drop them.
  2. Many (most, all) LLMs live in the past.
  3. LLMs generate projects with outdated, vulnerable dependencies. Be aware of it. This time lag affects all ideas the LLM generates.

Test

The task: create a Spring Boot web app with qwen3-coder:30b (ollama, aider)

  1. pom.xml contains Spring Boot Starter Parent 2.7.0, uh, that's a little bit outdated
  2. Release date was May 19, 2022
  3. It contains at least 10 CVEs
  4. It selects Java 11

OK, I give it a helping hand

  1. Task: create a Spring Boot web app, Spring Boot 4
  2. pom.xml contains Spring Boot Starter Parent 3.2.0, uh, that's a little bit less outdated
  3. Release date was November 23, 2023
  4. It contains at least 2 CVEs
  5. It selects Java 17

Looks like the model is living in the past, at least 2 years. So I give a more modern model a try: qwen3.6:27b

  1. Task: create a Spring Boot web app, Spring Boot 4
  2. pom.xml contains Spring Boot Starter Parent 3.3.0, the best I can get but still far away; it gives me a hint to 4.0.0-M1
  3. Release date was May 23, 2024
  4. It contains at least 7 CVEs
  5. It selects Java 17
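A simple gate for the problem shown in these runs: a Python check that rejects a generated pom.xml whose spring-boot-starter-parent or java.version is older than a baseline. This is an added example, not code from the post; the baseline values and the sample pom.xml are assumptions, constructed to mirror the first run (parent 2.7.0, Java 11).

```python
import re
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
# Baselines are assumptions for this added example (not the post's code); take them from project policy.
MIN_SPRING_BOOT = (3, 3, 0)
MIN_JAVA = 17

def parse_version(text):
    """'3.2.0' or '4.0.0-M1' -> (3, 2, 0) / (4, 0, 0); qualifiers are dropped."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n or 0) for n in m.groups())

def java_major(text):
    """'17' -> 17, '1.8' -> 8 (old 1.x numbering)."""
    parts = [int(p) for p in text.strip().split(".")]
    return parts[1] if parts[0] == 1 and len(parts) > 1 else parts[0]

def check_pom(pom_xml):
    """Return a list of findings for a pom.xml string; an empty list means it passes."""
    root = ET.fromstring(pom_xml)
    ns = {"m": POM_NS}
    findings = []
    parent = root.find("m:parent", ns)
    if parent is None or parent.findtext("m:artifactId", "", ns) != "spring-boot-starter-parent":
        findings.append("no spring-boot-starter-parent declared")
    else:
        version = parse_version(parent.findtext("m:version", "0.0.0", ns))
        if version < MIN_SPRING_BOOT:
            findings.append(f"spring-boot-starter-parent {'.'.join(map(str, version))} is below baseline")
    props = root.find("m:properties", ns)
    java = None if props is None else props.findtext(f"{{{POM_NS}}}java.version")
    if java is None:
        findings.append("java.version not set; the parent's default applies")
    elif java_major(java) < MIN_JAVA:
        findings.append(f"java.version {java} is below baseline {MIN_JAVA}")
    return findings

# Constructed sample mirroring the first run in the post: parent 2.7.0, Java 11.
SAMPLE_POM = f"""<project xmlns="{POM_NS}">
  <parent><groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId><version>2.7.0</version></parent>
  <properties><java.version>11</java.version></properties>
</project>"""

if __name__ == "__main__":
    print("\n".join(check_pom(SAMPLE_POM)) or "pom.xml passes baseline")
```

Run it in CI against the generated project before the first `mvn` build; a non-empty result is the signal to bump the parent and re-check the dependency tree.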