Should one update "built-in" CircleCI orbs?

I am slowly learning how to use Orbs and created my first one yesterday with circleci orb init as per the documentation! :tada:

But today I got hit by the RSA, SHA, ssh fun that many of us are seeing, this time with shellcheck.

So, my one attempt at solving it was updating the shellcheck orb. When I looked at the .circleci directory of my orb, I saw:

orbs:
  # Replace this with your own!
  circleci-tools: geos-esm/circleci-tools@<<pipeline.parameters.dev-orb-version>>
  orb-tools: circleci/orb-tools@10.0
  bats: circleci/bats@1.0
  shellcheck: circleci/shellcheck@2.0

I looked at the registry, saw that the circleci/shellcheck orb was now at 2.2.4, tried updating that, didn’t help.

But now I thought, huh, what about the others? A search shows that orb-tools is at 10.1.0 and, of course, shellcheck is at 2.2.4.

So I wondered: How should these “sub-orbs” be handled by a rookie orb developer like me? Is there a step I could put in my orb so that when I try to issue a new version of my orb, it could warn me “Hey, orb-tools now has a new version!” or something for the “sub” orbs?

Or should I ever touch these at all? That is, is there a reason circleci orb init provided me with shellcheck 2.0 yesterday because shellcheck 2.2.4 breaks all sorts of stuff?