Note: I have worked at Google for the majority of my professional life, which will color my views. Take this with a pinch of salt, and remember that everything here represents my own views, not those of Google or anyone else.
This document is here to convince you, dear reader, of three things:
The open source dependencies your software relies on are code you did not write, but they are code you have a localized responsibility for.
The software engineering world should recognize the sub-field of Software Dependency Engineering and the role of the Software Dependency Engineer.
Managing dependencies is not toil. Dependencies are not free; they exact an ongoing maintenance cost. Dependency management cannot be avoided and cannot be fully automated away.
There is a lot to unpack here, so let's start now.