consider minimal version selection like go modules #4398
edvardchen
started this conversation in
Ideas
Replies: 1 comment
-
|
We'll have more to share about this in not-so-long. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Have the team consider to adopt the "minimal version selection" like go modules? The author explained the rationale well in this blog https://research.swtch.com/vgo-principles.
The benefit is that users won't get affected immediately if some one publishes a vulnerable version of their dependencies.
Beta Was this translation helpful? Give feedback.
All reactions