> You don't want to upgrade your networking the day after TLS 1.0 is rejected by that server you interact with. That seldom ends well.

Otoh, upgrading your server to support TLS 1.2 also meant upgrading to support HeartBleed.

It depends on your dependencies whether up to date is better than old and seems to work. And also, some dependencies will have breaking changes every release, skipping a few releases may mean skipping ahead on the cycle of churn.

Picking stable and high quality dependencies is nice, but not always an option.