Y
Hacker News
new
|
ask
|
show
|
jobs
by
palata
839 days ago
Who in practice pins their dependencies (transitive included) on audited versions?
1 comments
rockdoe
839 days ago
Small companies with little development experience like Google and Mozilla.
(You can check the files I linked and see audits between deltas for minor version updates)
link
palata
839 days ago
I guess my point was: "because [some teams at] Google/Mozilla do it right does not mean that everybody does it right".
link
(You can check the files I linked and see audits between deltas for minor version updates)