Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ ye
kept by eddie
Dependency updates are riskier than latent bugs; fork, trim, and only update when needed to defend against supply chain attacks.