Grafana 8.5.16 fixes two security issues, one doesn't affect us since we don't use the affected plugin and the one other is low severity (snapshots are restricted to NDA users using grafana-rw). But regardless is makes sense to stay on top of updates since the v8.5.x branch also contains other bugfixes:
CVE-2022-23552 : Stored XSS in ResourcePicker component
https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv
CVE-2022-39324: Spoofing originalUrl of snapshots
https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw