Comment by gslepak 3 months ago

> daily

Somehow we've survived without updating dependencies for probably at least a year.

egorfine 3 months ago

Then you probably have over a dozen CVEs in your code. Now, this is a different question whether they are exploitable and how much it is a risk.

Other than that you now probably have an insurmountable technical debt and upgrading the dependencies is a project in itself.

All the above applies to the JavaScript world, of course. It's much different for the rest.

gslepak 3 months ago

> Then you probably have over a dozen CVEs in your code.

We continuously monitor our dependencies for CVEs and update them if necessary. Most of the time the CVEs that are reported are not relevant / worth updating for.

yread 3 months ago

content-security-policy: default-src 'self';

(and not sending crypto transactions): No need to worry about CVEs in js

1718627440 3 months ago

If a library introduces CVEs per day, it's probably not so good to begin with.