Yeah, I'm with you. I have a lot on my plate, maintaining and developing the main application I work on single-handedly, while also working on several other projects, and putting out fires elsewhere in the company as needed.

I don't have time to spend days to weeks figuring out why upgrading Tailwind to version 3 breaks the project because of (presumably) my version of create-react-app.. do I need to eject, or copy the .ts/.tsx files over to a Vite project? Do i want to fuck around with CRACO, or editing the internal monster of a webpack config file directly?

Yes, critical security updates are important, but you shouldn't just go around upgrading major versions of other packages in your production app, without the understanding that it might be an incredibly time-consuming endeavour.

I am the opposite. To me, dependencies in a project are a debt to which I regularly make my payments by keeping them up-to-date and resolving breaking changes as they arise. Allowing dependencies to fall too far out of date, in my experience, made updates — when they became necessary — too painful.