About vulnerability in the dependency
I have read many articles about the vulnerability in the program dependency, either direct or transitive.
Here are two questions come out of my mind.
If a dependency A has a vulnerability (Maybe has a CVE identifier) in one of its functio…