That’s a very interesting thought and I agree: https://benhoyt.com/writings/dependencies/

@movq@www.uninformativ.de Yeah. Unfortunately. :-( I tried to bring up the subject of dependency upgrade reviews a few times, but nobody else cared. We finally experienced a supply chain attack (luckily, didn’t turn out too horrible for us, could have been worse) and this got the discussion slowly rolling again. So, publication of this article is perfect timing. Let’s see. Admittedly, I don’t have high hopes. And I bet someone suggests to use AI agents…