SDK dependencies


What is the best strategy when it comes to atlasssian dependencies on a Jira datacenter plugin?
For example

  • Does this version support the plugin only for a Jira up to 7.13.x ?
  • Should we wait when a library vulnerability is found? Or when a minor/major is released, we should also update our dependencies accordingly?

thank you in advance,