Constantly updating to the latest version of innumerable software projects is safer from supply chain attacks? :)

My experience has been that the cost of “patching” is often bugs and instability, having gained nothing security-wise.