Dang, Every little application and repository at our company is being constantly hit with violations if there are known issues with dependencies.
Releases will get blocked in the pipelines if the scans show dependency issues.
Is this not a thing everywhere?

Do projects really just blindly change version decencies without regression testing and push to production?