To be fair, big part of it is consistency. My wrench does not change it’s size randomly throughout the day.

I’ve seen it all before in some other country…

Probably one of the least weird things she had to do that week…

I can’t tell you how to feel, my dude, but I for one am very happy that there is some amount of Dan Jones in my week

Are you about to start a youtube channel? Damn, now I want you to start a youtube channel…

Fair, there’s no harm in having dependabot opening PRs.

As in fail a CI job if you have any unacknowledged CVEs?

The audit’s main point is to inform the developer about potential issues that they need to go and investigate. User just gets stressed.

Snyk at the very least allows you to mark something as not an issue after you went and did the leg work. Maintaining a list of ignoreCves in pnpm is just painful.

Not to contradict your point in principle, the CVE audit in npm ecosystem is fairly shit indicator of anything. Having to spend a few years dealing with those alerts, roughly 95% of them were completely unexploitabe under normal usage patterns. 17 vulnerabilities is just a bad look, nothing more.

And just to be perfectly clear, I’m not saying that no one’s trying to influence the opinion of western public, the Troll Factories are well established fact nowadays. But also, lets be real, US public does not need any help tearing itself apart, they‘ve been perfectly fine doing it for generations

Could that be that we’re just living in the interconnected world where ideas tend to spread on their own without necessarily the need to actively push them into people’s minds?

Funny enough, Russian government-backed media continuously claims that the US executes similar campaign on Russian soil by spreading liberal values, LGBT and brainwashing people through the influence of the Holywood.