What do you do when a project has a vulnerable dependency and a fix is not forthcoming? Not sure what my options are...

So far my approach has been to take it offline and wait.

OK, the patch has arrived. Waiting was the right choice.

Mastodon @ SDF