[BoomerMoment]

I agree, provided the software isn't network reliant / accessible.

If the software were to explicitly depend on <vulnerable library> and moving to <patched library> broke it that would be the nail in the coffin for me / make me question whether I want to spend the effort maintaining the project.

[anonzzzies]

Yes, but for desktop software this is usually less of an issue. And at least you could fix it. When people are running ancient closed source software on Windows (Win 95 software apparently runs on Win 11), they don’t even think about the vulnerabilities and if they do, they cannot fix them. If you are so married to a software like the author seems to be, open is your best bet. And the OP is retired (well, at least 2021), so tinker time!