Finding a years old project be like
You're viewing a single thread.
And don't even get me started with C# and Node.js projects, chances are you will need to reimplement the entire application just to get the project out of vulnerable library versions.
Ehem.. I think you mean job security.
Precisely, it's a feature, not a bug