
Speaking as someone with SRE experience, that thinking keeps me up at night. Bumping version numbers isn’t like auto updating your phone.

How was the new version tested? Did it go through some sort of QA process? What subtle behavior changes are going to impact your application or downstream dependencies? Did the license change in the new version? Are there performance regressions? Was the library hacked, and the new version introduced an exploit into your application?



