by eacapeisfutuile
815 days ago
Yeah, I think this is the common case. I think we usually trust that dependency A took a look at their dependency B and C before releasing a new version of A. And even if properly reviewing our bump of A, how often do we check out changes in B and C?

Edit: yes, for FAANG-ish companies this is usually a bit different, for this reason. And licenses..