RE: https://fosstodon.org/@SocketSecurity/116321614885038368

2020: the best thing you can do for security is have a bot automatically update your dependencies.
2026: the best thing you can do for security is to tell your bot that updates dependencies to wait a day or three before updating them.

Expect more of this over the coming months as compromised credentials from previous supply chain attacks are used to mount new ones.
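One way to put the "wait a day or three" advice into practice with Renovate: the config below is an added example, not part of the post, and assumes a repository managed by Renovate via a renovate.json5 file.

```json5
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  // Do not propose a version until it has been published for 3 days,
  // so a release that gets pulled after a compromise never reaches a PR.
  "minimumReleaseAge": "3 days",
  // "strict" skips releases that fail the age check instead of opening
  // a PR marked pending; nothing younger than the threshold is offered.
  "internalChecksFilter": "strict",
  "packageRules": [
    {
      // Major bumps carry the most review cost, so hold them a bit longer.
      "matchUpdateTypes": ["major"],
      "minimumReleaseAge": "7 days"
    }
  ]
}
```

The delay is measured from the registry's publish timestamp, so it only helps when a malicious release is noticed and yanked within that window; it is a buffer, not a substitute for reviewing the diff of the update.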