beepbooptheory 4 hours ago |
This article, which was on the front page recently, discusses the idea behind this: https://blog.yossarian.net/2025/11/21/We-should-all-be-using... Most of the time, you need quick patches because of fairly recent dependency changes, so if you just wait and kind of "debounce" your dependency updates, you can cover a lot of supply chain vulnerabilities etc.
ntonozzi 3 hours ago | parent |
It's not debouncing, it's delaying. Ideally you can still update a specific dependency to a more up to date version if it turns out an old version has a vulnerability.
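The distinction the two comments are drawing (debounce vs. delay, plus an override for a version that fixes a vulnerability) is easy to see in code. The following is an added example, not code from either commenter or from the linked article; the release dates are constructed sample data and the function names are mine. A "delay" policy takes the newest release that has already been public for at least N days, so a package that ships every few days still advances; a "debounce" policy waits until the package has been quiet for N days, so the same package never moves. The `force_allow` parameter is the escape hatch the reply asks for: a version you have decided to take immediately (for example, a security fix) regardless of its age.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample registry metadata (not a real package):
# version -> publish timestamp in UTC.
SAMPLE_RELEASES = {
    "1.4.0": datetime(2025, 10, 1, tzinfo=timezone.utc),
    "1.4.1": datetime(2025, 11, 10, tzinfo=timezone.utc),
    "1.5.0": datetime(2025, 11, 20, tzinfo=timezone.utc),
    "1.5.1": datetime(2025, 11, 21, tzinfo=timezone.utc),
}


def parse_version(v):
    """Turn '1.4.1' into (1, 4, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def select_delayed(releases, now, min_age_days=7, force_allow=()):
    """Delay policy: newest version that has been public for at least
    min_age_days. Versions in force_allow (e.g. a known security fix)
    qualify regardless of age. Returns None if nothing qualifies."""
    cutoff = now - timedelta(days=min_age_days)
    eligible = [
        v for v, published in releases.items()
        if published <= cutoff or v in force_allow
    ]
    if not eligible:
        return None
    return max(eligible, key=parse_version)


def select_debounced(releases, now, quiet_days=7):
    """Debounce policy: only move when there has been no release at all
    in the last quiet_days; otherwise hold (return None). A package that
    publishes more often than quiet_days is never updated under this rule."""
    latest_publish = max(releases.values())
    if now - latest_publish < timedelta(days=quiet_days):
        return None
    return max(releases, key=parse_version)


if __name__ == "__main__":
    now = datetime(2025, 11, 22, tzinfo=timezone.utc)
    print("delay   :", select_delayed(SAMPLE_RELEASES, now))
    print("delay+fix:", select_delayed(SAMPLE_RELEASES, now, force_allow=("1.5.1",)))
    print("debounce:", select_debounced(SAMPLE_RELEASES, now))
```

With `now` set to 2025-11-22 and a seven-day window, the delay policy picks 1.4.1 (1.5.0 and 1.5.1 are too fresh), the same policy with 1.5.1 force-allowed picks 1.5.1, and the debounce policy returns `None` because the package released yesterday. Real updaters express the same idea as a minimum release age setting; the point of the example is that the age window is per-release, not a global "wait until things calm down".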