hundreds-father-404
11/05/2021, 4:00 PM
witty-crayon-22786
11/05/2021, 4:04 PM
bitter-ability-32190
11/05/2021, 4:36 PM
witty-crayon-22786
11/05/2021, 4:42 PM
bitter-ability-32190
11/05/2021, 4:42 PM
witty-crayon-22786
11/05/2021, 4:43 PM
flat-zoo-31952
11/05/2021, 5:03 PM
Vendoring deps helps, and usually most python libs have permissive licenses
Vendoring deps exposes you to CVEs discovered after you copy the source into your code, unless you're very proactive about backporting fixes to your vendored fork. Lockfiles + cautiously optimistic upgrades powered by things like dependabot is probably a safer route
bitter-ability-32190
11/05/2021, 7:54 PM