I use badges from david-dm.org, and whenever I see red (minor patch out of date) for either dependencies or dev dependencies I use my tool next-update (https://github.com/bahmutov/next-update) to actually update dependencies one by one to the latest version. The key is that next-update runs your tests and tells you if something fails. So you upgrade only with dependencies that do not break your project. There are even public anonymous stats telling how likely a particular update is to break stuff: http://next-update.herokuapp.com/
I also use grunt-nice-package (https://github.com/bahmutov/grunt-nice-package) to remove all *, ^ and ~ from dependency versions. I want to have the exact versions; even a patch update can break stuff.
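The exact-version rule from the comment above (no `*`, `^` or `~` in dependency versions), as an added example that is not part of the original comment and is not the code of grunt-nice-package or next-update. The names `classify`, `findUnpinned`, `pinPrefixed` and the sample manifest are hypothetical and constructed here.

```javascript
// Added example: audit a package.json object for version specifiers that are
// not exact, so a CI step can fail when a range slips back in.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Classify one specifier string.
function classify(spec) {
  if (EXACT.test(spec)) return 'exact';
  if (spec === '' || spec === '*' || spec === 'latest') return 'any-version';
  if (/^[\^~]/.test(spec) && EXACT.test(spec.slice(1))) return 'range-prefix';
  return 'other'; // x-ranges, comparators, dist-tags, git/URL/file specs
}

// List every dependency whose specifier is not an exact version.
function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classify(String(spec).trim());
      if (kind !== 'exact') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Return a copy with a leading ^ or ~ stripped. This pins to the lower bound
// of the old range, which may differ from the version actually installed, so
// run the test suite afterwards. Other kinds are left for manual review.
function pinPrefixed(pkg) {
  const out = JSON.parse(JSON.stringify(pkg));
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(out[section] || {})) {
      const s = String(spec).trim();
      if (classify(s) === 'range-prefix') out[section][name] = s.slice(1);
    }
  }
  return out;
}

// Constructed sample manifest (not taken from any real project).
const samplePkg = {
  dependencies: { lodash: '^4.17.21', express: '4.18.2', debug: '~4.3.4', 'left-pad': '*' },
  devDependencies: { mocha: '10.x', chai: '4.3.7' },
};

for (const f of findUnpinned(samplePkg)) {
  console.log(`${f.section}: ${f.name}@"${f.spec}" (${f.kind})`);
}
```

Specifiers reported as `any-version` or `other` have no single version to fall back to, so they need a human decision rather than an automatic rewrite.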
next-update looks interesting, I will give it a try. Meanwhile, I posted it on the site as I think it can be useful for everyone.
Thanks for your input.