The short version is: projects should vendor their deps and manually resolve package versions. I don't think he states his argument very clearly. But I do think he's basically correct.
Bundle is both a noun and a verb, the same as vendor! So not any better imho.
I hate to say this, but vendor is an extremely common term for this operation. Rust’s cargo has a “vendor” subcommand built in.
You’re far from alone in not being familiar with the term. Which is a great travesty because it really should be considered best practice and default behavior!
"Vendor" wasn't actually a verb at all, at least until this usage.
And it doesn't in any way describe the activity of bundling open source libraries that are not even supplied from vendors for the most part! So a poor neologism, in my opinion.
Vendor your damn deps!