How many people actually audit the code changes in their dependencies when updating them?
Few, if any. Which is why I'm highlighting that you can't just use commit SHA + Renovate then call it a day.