I dunno, I’ve never found it all that onerous.

I have a couple of dozen (perhaps ~50) containers running across a bunch of servers, I read the release notes via RSS so I don’t go hunting for news of updates or need to remember to check, and I update when I’m ready to. Security updates will probably be applied right away (unless I’ve read the notes and decided it’s not critical for my deployment(s)), for feature updates I’ll usually wait a few days (dodged a few bullets that way over the years) or longer if I’m busy, and for major releases I’ll often wait until the first point release unless there’s something new I really want.

Unless there are breaking changes it takes a few moments to update the docker-compose.yaml and then dcp (aliased to docker compose pull) and dcdup (aliased to docker compose down && docker compose up -d && docker compose logs -f).

I probably do spend upwards of maybe 15 or 20 minutes a week under normal circumstances, but it’s really not a full time job for me 🤷.

I use digests in my docker compose files, and I update them when new versions are released (after reading the release notes) 🤷