That's not really a solution though, just a mitigation.

Updating a single package for security fixes or other changes instead of a 1,000 is still vastly more efficient and faster.

Unfortunately packaging appears to be a paradox of sorts: Either your app lives in an environment of shared libraries where you have no control or your app lives inside a container of some sort that bundles copies of all those libraries. You can't have both.

That's because the solution alone can't be through packaging; it requires changes at every level of the stack.

The system needs to provide robust backwards-compatibility and sane packaging.

Applications need to use interfaces responsibly, pick dependencies carefully, and use a sane build environment.

When developers attempt to solve everything with the blunt hammer of packaging, they end up with a lot of "bent nails".