this is, for me, a matter of careful control over my libraries. I made the decision that I wanted to be able to restore my libraries to the approved configuration without needing an Internet connection. Thus, I downloaded all of the package source files I wanted to include in my libraries and stored them on a server. Making any updates to the libraries requires acting through the configuration management process. This forces me to be deliberate* and thoughtful about upgrading packages.
I just went through the upgrade process. it was a mixture of automated tests from some of my local packages and user-based tests in my shiny apps. Overall, it was a very smooth process.
install.packages isn’t something I allow myself to use just because I want the latest feature. The process of upgrading my production library requires a non-trivial amount of paperwork.