by robertlagrant
1356 days ago
You might trust a dependency from a security perspective, but they might still have accidentally introduced a breaking change into a non-major version bump. It seems like a recipe for disaster to deploy other versions of dependencies (which might pull in further different versions of transitive dependencies) and assume it'll all work.