Also see how in the OWASP Top 10 “Using components with known vulnerabilities” increased its position in the ranking and how an entire new position was given to “Software and data integrity failures” (supply chain attacks)
In the modern world a supply chain attack is more likely to get you hacked than a SSRF, and having outdated components is more likely to get you hacked than even an authentication failure!