by kevincox
457 days ago
That isn't even the biggest problem. That breaks, and breakage gets fixed. Other than some slight internal delays there is little harm done. (You have a backup emergency deploy process that doesn't depend on GitHub anyways, right?) The real problem is security vulnerabilities in these pinned dependencies. You end up making a choice between:

1. Pin and risk a malicious update.
2. Don't pin and have your dependencies get out of date and grow known security vulnerabilities.