“Third-party libraries and security issues - Go Make Things”

The dependency-of-a-dependency issue is a much bigger one than you’d expect. It’s incredibly easy for an exploitable package (sometimes even intentionally so) to sneak into your project that way.

Baldur Bjarnason @baldur