Many minor macOS updates add features. 10.6.6 added the App Store. 10.7.2 added iCloud. More recently, 10.14.3 [0] added things as small as "a menu item to News for opening a story in Safari". (As an arguably even more trivial example, 10.14.1 added new emoji.)
Most minor updates also fix small, non-critical bugs, like 10.13.4 [1], which "fixes an issue that may prevent web link previews from appearing in Messages".
Do all of these updates fix security bugs too? Yes, because a company as big as Apple is probably always fixing security bugs. That doesn't mean they ONLY do minor updates for security bugs though.