I also was at this point, and I decided to add cooldowns to every project.

Yeah, I agree, but then you are at the mercy of whatever vulnerability is found in the current version(s). It just feels like a lose-lose situation no matter what you do.

	▲	thrownthatway 5 minutes ago \| parent \| next [-]
		So long as we insist on everything from a light switch, the vacuum cleaner, security camera, clothes dryer, TV, car, and mobile phone being an always on, always online, Universal Turing Machine we’re not going to find a solution.
	▲	tpetry an hour ago \| parent \| prev [-]
		You can still update to new versions even if the new release is still in cooldown phase. You just have to be explicit that you want the new release. pnpm audit —fix for example will whitelist releases in cooldown phase when theres a known security issue for a version you currently use.