> People give C++ lots of hate but thanks to not having an easy way of adding complex dependencies, it has fewer dependency-driven bugs/security issues.
Oh, come on. The number of security issues to things like libssl alone is enormous.
That's superficial. How many "high level languages" roll their own SSL from scratch? I'd bet most of them link down to the C++ libssl, so of course that one gets a lot of heat, but it also means it's a very robust piece of software.
Languages like C++ that lack memory safety have the irritating property that a memory safety error anywhere in the dependency tree can be exploited to attack unrelated parts of the binary. In most languages you don’t have to worry that some stateless pure-function log formatter is secretly the gap in your armor.
They certainly don't have fewer to a degree which makes up for the lack of tooling to support it. C++ dependency management is a nightmare which dwarfs even the worst of npm. Even if it were to halve the number of dependencies, it doesn't make up for the 10 times more dependency and build-related issues which appear.
Code that you reinvent/maintain yourself is almost always less actively maintained than the dependency you could have used.
Less maintained code universally means more buggy code. (not even talking about performance and features)
It all boils down to human resources.
Also, the human resources you save by using a dependency can be reallocated either to bettering the rest of your code or towards contributing to the dependency.
Regarding security issues in C++ in general: ~51% of security issues are memory related, so you get at least half fewer security issues with a garbage collected language.