Eventually you will want to update it, and every update is a risk.
But pinning has prevented most of the recent supply chain attacks.
As long as you don't update your pins during an active supply chain attack, the risk surface is rather low.