The dependencies weren't vendored, meaning their behavior can change at any time if a malicious actor gains control of that third-party repo.
This is bad for security.
The dependencies weren't vendored, meaning their behavior can change at any time if a malicious actor gains control of that third-party repo.
This is bad for security.
[delayed]