Fix one thing, break two others
Just an update from down in the trenches:
Updating a third party library, for whatever reason, brings in the risk of regressions. Retesting the software is time consuming and expensive, so updating is avoided.
Quite often APIs also change, so it can be a large engineering effort to reintegrate libraries (I'm looking at you: React, .NET, Swashbuckle ...)