by ruskyhacker
750 days ago
Idk how I feel about this. I think this is only an appropriate solution if you are 100% capable and can take complete ownership of patching said dependencies. I get how there is risk associated with a supply chain attack, but what are you going to do when you don't understand a vulnerability and need to fix it? Most problems aren't impossible to solve of course, but those who've been working with a codebase for a long time probably have a more intimate knowledge of how it works.

It also acts to speed up testing and deployment.