the possibility of missing security fixes makes me leery of a purely manual update process.
Security vulnerabilities are another topic entirely, although they certainly overlap. Any changes to external packages you use increase the risk to your code - whether you let tools automatically upgrade or do it manually. Exhibit A - left-pad.
We're still far from being able to automatically "verify" software - whatever that means in any given situation. Proving / verifying software has been a research topic since forever and still is.
We do have better tools now to help with those decisions and hopefully they'll continue to improve in the future too. Whether that's semantic versioning, property-based tests, dependent types and refinement types, automatic distribution, build and test tools... the list goes on.