0 points
pabs3
1mo ago
Better to treat it as a dependency still, but audit each new commit/release as it comes in, and pin to the exact last commit id that you verified.
1 comments · 1 top-level
deepsun
1mo ago
Yes, but no one audits new dependency versions usually. Only Release Notes mostly.