As part of trying to work with CPAN I noticed the CPAN::Audit module in the recently updated list and it looks kinda useful as a general maintenance tool - going through the modules installed on my laptop and updating any that have security issues.
It occurred to me that I should probably ensure that any CPAN modules do not include dependencies with known security issues. Even though these are often pretty trivial, it would seem to make the module more robust if any dependencies have minimum versions specified that resolve the known issues.
Does anybody have advice on whether this is standard practice or whether there are any issues that I may find if I start putting in these minimum version requirements?