/e/OS is not fully degoogled, as DNS connectivity checks, hardware attestation provisioning, and eSIM activation all go through Google.

They are working on some of this, at least eSIM activation. Also do you have a source for DNS connectivity checks? AFAIK they have used their own for a while

It is often many weeks or months behind on security updates, especially in the WebView, which makes it easy to exploit.

This is a serious problem, however their update speed is comparable to a lot of default ROMs

It doesn't support bootloader locking on many devices, and if you lock the bootloader on a phone that does support it, it could brick if /e/OS is on an older security patch than the stock ROM was

/e/os supports boot loader relocking on most official devices, however the community builds don't support it. The bricking part has nothing to do with /e/os, it's a hardware security feature of some devices. This would happen with any ROM including the official one

And finally, /e/OS's text-to-speech sends what you say to OpenAI, despite local options being available.

I assume you mean speech-to-text? Anyway the feature is opt in and they have since updated it to include a prompt to inform you about what it will do. Their reasoning for a cloud option was that local options either are bad or have too high ressource usage (important as /e/os supports a lot of underpowered devices). Overall a stupid move, but they adjusted the feature to let users make an informed choice

If you can't get a Pixel then iOS in lockdown mode is the next best option, however if you can't replace your phone, LineageOS is much worse than Graphene although it is still much better than /e/.

Lineageos might have quicker updates, though it is even more connected to google, except for not including microg. However a lot of people will need google play services so they will have to install it anyway