The ExtJS codebase suffered from this problem, and this was solved by patching the ExtJS version ourselves to fix bugs as they were found (security issues and browser bugs). At first we would do minor upgrades of ExtJS and bring the patch file along to the new version, stripping out the fixes no longer needed, but when ExtJS 3 stopped getting new releases we just kept fixing the last 3.x version.
Of course, it would be better if this were solved at the framework level by having them ship LTS releases that could keep getting fixes at the framework level for many years and had no build tool dependencies. But this is not a hard requirement to going this route.
Of course, it would be better if this were solved at the framework level by having them ship LTS releases that could keep getting fixes at the framework level for many years and had no build tool dependencies. But this is not a hard requirement to going this route.