While I've never seen a project killed by dependencies, I've certainly seen projects stuck on treadmill of constant dependency updates.

You know, they import 5 libraries, each of which imports 5 more libraries, each of which imports 5 more libraries, and suddenly they're buried in 'critical' updates because there's a denial-of-service bug in the date parser used by the yaml parser used by the configuration library used by the logging library used by the application.