Y
Hacker News
new
|
ask
|
show
|
jobs
by
bfivyvysj
57 days ago
Why?
1 comments
NetMageSCW
57 days ago
Because they could have a security flaw that might compromise your project or any users of it.
link
vablings
57 days ago
For any of my rust projects I really don't bump my deps unless dependabot shows a serious vulnerability or I want to use a new feature added. Outside of that my deps are locked to the last known good version i use.
link