Comment by jadar
24 days ago
It almost doesn't matter, because you can get pwned by a transitive dependency. If someone doesn't have the same scruples as you have, you're still at risk.
24 days ago
It almost doesn't matter, because you can get pwned by a transitive dependency. If someone doesn't have the same scruples as you have, you're still at risk.
minimumReleaseAge and lockfiles also pin down transitive dependencies.