Keep dependencies, frameworks and underlying platforms patched and up to date.
Easy to implement
5 High impact score
Outdated dependencies don’t just carry security risk — they’re a quiet sustainability cost too. Old library versions often carry legacy code paths, polyfills for browsers that have long since disappeared, and inefficiencies that later releases have since optimised away; unpatched vulnerabilities are also a big part of what turns a site into a target for the bad-bot and DDoS traffic covered in 7.1.
Automate this rather than relying on someone remembering: tools like Dependabot or Renovate can raise dependency-update pull requests on a schedule, and a routine npm audit / npm outdated (or your stack’s equivalent) as part of the regular pipeline keeps this from becoming a once-a-year scramble.