Blindly upgrading dependencies is worse than never upgrading them, unless you are addressing a specific CVE that affects you: an unreviewed upgrade pulls code into your build that nobody on your team has read.
Public open source code is code you did not have to write, which saves time, but it does not let you skip code review.
If you do not have time to review 2,000 dependencies, drop them in favor of simple functions that do only what you need.
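As an added example (not code from the original post): a small Python script that turns the two rules above into checks against pip-style requirements files. It flags every dependency a blind `pip install -U` could silently move (no exact `==` pin, or a pin with no `--hash`), and diffs an old and a new lockfile into the list of items a reviewer has to read before the upgrade merges. The `==`, `--hash=sha256:` and backslash-continuation syntax is pip's; the package names, versions and digests below are constructed for the example and do not describe a real project.

```python
"""Make dependency upgrades deliberate instead of blind: audit a
requirements.txt for anything `pip install -U` could silently move, and
diff two lockfiles so every change is a named item for code review.

Added example, not code from the original post. The pip requirements
syntax is real; the package lists and sha256 values are constructed.
"""
import re

# name (with optional extras such as pkg[ssl]), optional operator, optional version
SPEC_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]*\])?)\s*(==|~=|>=|<=|!=|>|<)?\s*([0-9][^\s;#]*)?"
)
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def _logical_lines(text):
    """Join backslash-continued lines the way pip does."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_requirements(text):
    """Return {name: (operator, version, frozenset_of_hashes)} for every requirement."""
    reqs = {}
    for line in _logical_lines(text):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or a pip option (-r, --index-url)
            continue
        m = SPEC_RE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {line!r}")
        name, op, version = m.group(1).lower(), m.group(2), m.group(3)
        reqs[name] = (op, version, frozenset(HASH_RE.findall(line)))
    return reqs


def audit(reqs):
    """Flag what a blind upgrade could change under you.

    Any operator other than == lets the resolver pick a newer release; an exact
    pin without --hash still installs whatever bytes the index serves for it.
    """
    problems = []
    for name in sorted(reqs):
        op, _version, hashes = reqs[name]
        if op != "==":
            problems.append((name, "not pinned to an exact version"))
        elif not hashes:
            problems.append((name, "pinned but no --hash, artifact not verified"))
    return problems


def upgrade_review_list(old, new):
    """Diff two lockfiles into the items a reviewer must actually read.

    A hash that changes while the version does not is the most important line:
    the same version string now resolves to different bytes.
    """
    changes = []
    for name in sorted(set(old) | set(new)):
        if name not in old:
            changes.append((name, "added", None, new[name][1]))
        elif name not in new:
            changes.append((name, "removed", old[name][1], None))
        else:
            (o_op, o_ver, o_hash), (n_op, n_ver, n_hash) = old[name], new[name]
            if o_ver != n_ver or o_op != n_op:
                changes.append((name, "version changed", o_ver, n_ver))
            elif o_hash and n_hash and o_hash != n_hash:
                changes.append((name, "hash changed at same version", o_ver, n_ver))
    return changes


# Constructed before/after lockfiles; the digests are placeholders, not real sha256 values.
_A, _B, _C1, _C2, _D = "a" * 64, "b" * 64, "c" * 64, "d" * 64, "e" * 64
OLD_REQUIREMENTS = f"""\
# constructed example, not a real project
--index-url https://pypi.org/simple
requests==2.31.0 \\
    --hash=sha256:{_A}
urllib3>=1.26
flask
click==8.1.7
pyyaml==6.0.1 \\
    --hash=sha256:{_C1}
"""
NEW_REQUIREMENTS = f"""\
--index-url https://pypi.org/simple
requests==2.32.0 \\
    --hash=sha256:{_B}
urllib3>=1.26
flask
click==8.1.7
pyyaml==6.0.1 \\
    --hash=sha256:{_C2}
colorama==0.4.6 \\
    --hash=sha256:{_D}
"""

if __name__ == "__main__":
    old, new = parse_requirements(OLD_REQUIREMENTS), parse_requirements(NEW_REQUIREMENTS)
    for name, problem in audit(old):
        print(f"audit:  {name}: {problem}")
    for name, kind, before, after in upgrade_review_list(old, new):
        print(f"review: {name}: {kind} ({before} -> {after})")
```

Run against the constructed files, the audit names `flask` and `urllib3` as floating and `click` as pinned but unverified, and the review list comes out as three items: `colorama` added, `requests` moving from 2.31.0 to 2.32.0, and `pyyaml` keeping its version while its hash changed. That last line is the one to chase down first.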