
Poor metrics on project and community health #2

Open
@weex

Description


As maintainers of multiple FOSS projects, it is very difficult to know the health of the dependencies on which our community relies. Some package managers warn about security vulnerabilities and outdated packages, but it is hard to action mass warnings. Other packaging ecosystems fail to propagate this information at all.

This is a problem, because the harder it is to get this information, the less likely updates will be applied, either to new versions or to competing packages with better community health. It also creates undue stress in the unknown of whether some dependency n-levels deep is going to ruin your day.

Issues in this repo are not proclamations but open for discussion as to their accuracy and value. You can help by providing evidence and lines of investigation supporting or refuting the proposed problems.

Questions that should apply to all issues in this tracker: Is this problem accurate? Is there a deeper issue? Is it valuable? Can it safely be ignored? Please discuss.
