This functionality is a must nowadays. To reduce the risk, I would lock the packages to specific versions and upgrade only after two weeks or immediately after a critical vulnerability is fixed.