If you don't refactor and update your dependencies regularly you can easily end-up in a corner.

You can be hit by a bug in your dependencies, be it a functional one or a security one, but if your dependencies are completely out of date and there is tons of API incompatibilities between the version you are using, and the version implementing the bug fix, it will be really painful and take a long time to update, with stakeholders breathing down your neck expecting a fix asap.

Also, maintaining old tool chains can be a real drag (maintaining older building hosts, developer machines or VMs).

Updating frequently to be near enough the latest version is generally preferable.