Yes, it is safe, and moreover, we recommend using package managers (for example, "yum" on RedHat-based systems, or "apt-get" on Debian-based systems) to keep the system up-to-date.
However, some packages may conflict with Plesk or another software. These packages can be added to a skip list. The recommended settings are:
for up2date, add to
for yum, add to
exclude=kernel* sendmail bind-chroot caching-nameserver
for apt-get, execute with:
sudo apt-mark hold <package>
echo <package> hold | sudo dpkg --set-selections
To find out which actions should be taken after an Apache upgrade on a Plesk system, see the following KB article:
#762 Is it possible to upgrade Apache to the latest version from an OS update?
If Plesk is installed inside a container, the kernel updates are not necessary - the kernel should be upgraded from the Hardware Node.
If Plesk is installed on a hardware server, the kernel updates are recommended if there are only vendor's repositories configured. Otherwise, if the custom repositories provide new kernels, it is better to have the kernel manually updated from the vendor's repository. The reason is simple: major troubles are caused by kernels with GRSecurity patches applied. Plesk is not designed for working with such configurations.