tasuki a day ago

> Keeping updated libraries is a good practice

First, the "good practice" argument is just an attempt to shut down the discussion. God wanted it so.

Second, I'd rather keep my dependencies outdated. New features, new bugs. Why update, unless there's a specific reason to do so? By upgrading, you're opening yourself up to:

- Accidental new bugs that didn't have the time to be spotted yet.

- Subtly different runtime characteristics (see the original post).

- Maintainer going rogue or the dependency getting hijacked and introducing security issues, unless you audit the full code whenever upgrading (which you don't).