Open
Description
Working with external dependencies can be a tricky topic when hoping for broad usage.
To help with this topic, I feel it would be beneficial to have a guide/best practice on how dependencies should be managed.
Some key suggestions from my side:
- Do not take on transitive dependencies to address CVEs
- Target the lowest major version of a dependency that targets the required TFM, but the highest version within that major version. This is to achieve optimal compatibility.