PSA that the dependency management supply chain attack that all the fuddy duddies were suggesting JS ecosystem was going to inevitably hit has, indeed, been hit, for maybe not the first and probably not the last time. It would be a good day to know what your transitive deps are.
-
Is this less likely in Ruby/Bundler land since it's encouraged to lock it to a specific ver? Or is it, on balance, pretty much just as likely?
-
Kind of feel like I have multiple responses to this question: 1) I don't feel like doing the comparative necessarily maximizes for the future success of the industry, and I feel all people of good will are on the blue team with respect to security. 2) Wouldn't say Ruby is secure
-
Patrick makes untranslatable tech tweet binge. News at 11.
-
As a late millennial, I understood this tweet.
-
"Fuddy Duddy" valid terminology in the UK.