|
|
|
|
|
|
by gloosx
559 days ago
|
|
|
No, you only need to update when there is an actual CVE which is a real concern, which is fairly rare for development dependencies, for instance webpack had only two in it's 12-year history – with one being severe. Babel had practically zero (except 1 indirect critical traverse package CVE last year). Vite you're proposing had 7 total and 3 severe in 4 years. Think this through – non stop CVEs, really? |
|
|
CVEs aside, core-js is a liability on itself. Sad personal story, sad that the world still thanklessly depends on it.