Correct me if I'm wrong, but I think running old code and not updating the dependencies might make your site vulnerable to security vulnerabilities that get discovered over time and fixed with new versions of libraries. So if you want to keep your code secure you will need to update libraries. But those old versions of those libraries will stop being supported, and known vulnerabilities will start to accumulate that have no fix. And attackers will probably have programs scan the web for websites with known vulnerabilities and automatically attack them.

Versus if you use a library or platform (like Web Components) that cares a lot about backwards-compatibility, they will maintain the security while also supporting your old code for longer.