Security Tip: Keep Dependencies Updated
[Tip#18] Dependencies are security risks, especially if you have a lot of them or don't keep them updated...
Greetings friends! Welcome to this week’s “Old Man Yells At Clouds” segment, as I rant about dependencies and maintenance. 🤣 (Jokes aside, this stuff is important, but I’ll keep the ranting to a minimum.)
Don’t forget to check out last week’s In Depth about Content Security Policies. It's the longest and most compressive In Depth I’ve written yet, and I’m super proud of it.
Just a reminder: I can hack your site to help you improve your security, check out my Laravel Security Audits and Penetration tests.
Keep Dependencies Updated
A common pattern I see in the development communities is to use dependency packages for everything, big and small. While this is a great way to avoid reinventing the wheel in your own code, each dependency you introduce into your application adds an extra security risk. This is known as a supply-chain attack.
Here are some examples: