Securing Laravel

Security Tip: Keep Dependencies Updated

securinglaravel.com
[Tip#18] Dependencies are security risks, especially if you have a lot of them or don't keep them updated...

Stephen Rees-Carter
Apr 3, 2022
Greetings friends! Welcome to this week’s “Old Man Yells At Clouds” segment, as I rant about dependencies and maintenance. 🤣 (Jokes aside, this stuff is important, but I’ll keep the ranting to a minimum.)

Don’t forget to check out last week’s In Depth about Content Security Policies. It's the longest and most comprehensive In Depth I’ve written yet, and I’m super proud of it.

Just a reminder: I can hack your site to help you improve your security; check out my Laravel Security Audits and Penetration Tests.


Keep Dependencies Updated

A common pattern I see in the development communities is to use dependency packages for everything, big and small. While this is a great way to avoid reinventing the wheel in your own code, each dependency you introduce into your application adds an extra security risk: a vulnerability or malicious change in any one of them becomes a vulnerability in your application. Compromising an application through one of its dependencies is known as a supply-chain attack.
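To make the risk concrete, here is an added example (not code from the original post) that audits a Laravel project's composer.lock against an advisory list: it reads every installed package and version, including dev packages, and reports any whose version falls inside an advisory's affected range. The lock file contents, package names and advisory identifiers are all constructed for the example; in practice you would feed it the real composer.lock and a real advisory feed.

```python
import json
import re

# Constructed composer.lock excerpt (not a real project's lock file).
COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "vendor/http-client", "version": "v1.4.2"},
        {"name": "vendor/markdown", "version": "2.0.1"},
        {"name": "vendor/logger", "version": "v3.1.0"},
    ],
    "packages-dev": [{"name": "vendor/test-tool", "version": "9.5.0"}],
})

# Constructed advisory feed; identifiers are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "package": "vendor/http-client", "affected": "<1.5.0"},
    {"id": "EXAMPLE-ADV-002", "package": "vendor/markdown", "affected": ">=2.0.0,<2.0.5"},
    {"id": "EXAMPLE-ADV-003", "package": "vendor/logger", "affected": "<3.0.0"},
]

_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse_version(text):
    """Turn 'v1.4.2' into (1, 4, 2); a pre-release suffix after '-' is dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", text.lstrip("vV").split("-")[0]))

def version_matches(version, constraint):
    """True if version satisfies every comma-separated clause of the constraint."""
    for clause in constraint.split(","):
        m = re.match(r"\s*(<=|>=|==|<|>)\s*(.+)", clause)
        if not m or not _OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True

def audit_lock(lock_json, advisories, include_dev=True):
    """Return (package, installed version, advisory id) for every affected package."""
    lock = json.loads(lock_json)
    sections = ["packages", "packages-dev"] if include_dev else ["packages"]
    installed = {p["name"]: p["version"] for s in sections for p in lock.get(s, [])}
    hits = []
    for adv in advisories:
        version = installed.get(adv["package"])
        if version is not None and version_matches(version, adv["affected"]):
            hits.append((adv["package"], version, adv["id"]))
    return hits

if __name__ == "__main__":
    for pkg, version, adv in audit_lock(COMPOSER_LOCK, ADVISORIES):
        print(f"{pkg} {version} is affected by {adv}")
```

Composer 2.4 and later ships `composer audit`, which does the same lookup against the Packagist advisory database; the script above shows what that check does underneath.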

Here are some examples:

© 2023 Stephen Rees-Carter