Not really - ultimately they're root, Google SafetyNet isn't, it has to run at the application level. Meaning Magisk will always win until remote attestation is enforced. There hasn't been a breaking update since July if I recall correctly and the Magisk developer had it patched in about a day.