We are currently using dependabot to automatically open pull requests to fix vulnerabilities.