Vulnerabilities in transitive packages/dependencies
I'm wondering which approach people use to deal with vulnerabilities in transitive packages/dependencies? Do you manually update the transitive package with the risk of introducing compatibility issues and/or breaking changes? Or do you just wait until the maintainer of the direct dependency updates the (transitive) dependencies?