by kixxauth 17 days ago
Yeah, pinning dependencies is very similar to vendoring or cloning them. By cloning, you get to know the code better and how it is structured, plus you cherry pick only the features you want.

But, like you said, you are at risk of introducing new vulnerabilities.

I'd just prefer making that bet on myself rather than on someone I don't know.