by mattstir
34 days ago
> select the previous-to-latest version

For supply chain attacks that simply bide their time, or for dependencies which involve interacting with other subsystems, it's possible you miss a critical security update by doing this. Of course, the maintainers of the crates should yank known bad releases, but that's putting trust in a third party that may have already been compromised.