by thornygreb 788 days ago
Yes, but very often you are trucking along just fine with some version of a dependency and then all of a sudden it gets a CVE and the fix has only been applied to the next major version and not backported because the version you are on is no longer supported. And now you are in dependency update cascading hell.