Hacker News

friendzis, today at 6:12 AM

> You physically cannot have the bandwidth to be on top of these supply chain issues all the time

> semantic versioning is not some golden goose that fixes this issue

Nothing is a golden goose; however, semver is designed to limit the scope of incoming changes so you have a chance of staying on top.

> Vendoring dependencies is not a scalable solution for all the software people use.

There are literally three ways to deal with these supply chain issues:

1. Allocate the bandwidth yourself

2. Buy that bandwidth

3. Yolo