We have a cron job that updates all external dependencies and force-commits them twice a week. Yes, sometimes shit breaks, but it's usually much easier to diagnose on a Monday or Wednesday morning with one or two changes, than if you go a year and then have to resolve a bunch of shit at once.

It seems like neither the open source nor proprietary software is stable enough to build any sort of product on, at least not one that you can expect to operate for the next ten years.
Static stability is an illusion; there is only dynamic stability. (Also, the race to the bottom in quality, because most people most of the time would rather have buggy new features now than well-tested old features later. Market forces do the rest.)

Regarding direct impact, there's actually another problem, which is that you'll deform the BB and get jams in the mechanism/barrel. There's a reason AEGs have converged on air pumps...