Another level of this dilemma:

• Pin all dependency versions – Prevents receiving security patches
• Don’t pin dependency versions – Enables supply chain attacks (see https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html)

That’s the security issue, right? Liar paradox detected!

Danish: // hold my beer

#define NINETY ((int) (4.5 * 20))