There's an awkward tension between auto-update and fixing security bugs. If platforms don't automatically update, users don't get security fixes. If they do automatically update, the vendor effectively holds remote code execution (RCE) on every installed device.
Related Posts
I've been really enjoying paru as a pacman substitute on Arch Linux: https://github.com/Morganamilo/paru
It allows you to update both normal and AUR packages in one go, which is super convenient. It also shows you PKGBUILD files, so there's still a human audit step for AUR.
I made some changes to a node express project that I haven't touched in almost five years. I was pleasantly surprised that I only needed to update one dependency to get it working again!
(It was sqlite3, which is a native dependency using node-gyp.)
Whilst LLMs don't always give an accurate answer, the UI is really compelling. I keep finding users whose favourite way of doing research is an LLM.