
Fortunately, ssh has forward secrecy, so if you are using the keys in your ssh client and don't use them after they are compromised, then your traffic remains secure. However, if these keys are used in an ssh server and someone has marked those keys as trusted, potential issues remain. Unfortunately ssh does not have the PKI infrastructure of ssl to revoke keys.

But an ssh server (or any other server) should not also be used as a development environment that is pulling dependencies (if you are developing a server, then you should be using dummy keys and doing the development in a non-production environment).



>Unfortunately ssh does not have the PKI infrastructure of ssl to revoke keys.

It does, but very few people use it.



