Do you use a bot to manage your project's dependencies?View other answers to this thread
3.4K+ developers have started their personal blogs on Hashnode in the last one month.
Write in Markdown · Publish articles on custom domain · Gain readership on day zero · Automatic GitHub backup and more
Imho, if it's not broken, don't fix it.
Here's what I use for some of my libs: There are bots which only automatically update dependencies when security issues become known (I use Snyk). They create pull requests and you can handle them when you have time. If you have good CI, then every pull request should also automatically be checked (for example on Travis), so that all tests pass. That also means that you need to have extensive unit tests for your library or application.