mormegil
@mormegil@programming.dev
- Comment on Shearing point 3 days ago:
Another level of this dilemma:
- Pin all dependency versions – Prevents receiving security patches
- Don’t pin dependency versions – Enables supply chain attacks (see nesbitt.io/…/incident-report-cve-2024-yikes.html)