[lawnchair_larry]

How do you apply security updates to the dependencies?

[reitanqild]

To update on this since I am a Java programmer who is picking up c again after 10 years:

In modern Java world people often maven or another project tool where upgrading a library is as simple as changing the version number in a "pom" file, push and wait for Jenkins to finish build, unit and integration tests.

Not kidding here, this is one of the things I love about Java development.

[drchickensalad]

This is literally every ecosystem except classical c and c++.

[lsaferite]

You generate a fresh build with the updated libraries.

[dikaiosune]

Exactly. This also ties in nicely with a test-heavy build process to make sure that said security updates don't cause any regressions.

EDIT: To give you a chance to catch those regressions, at least.