Wondering how many of you are using Dependabot on GitHub. If you don't know, it is a bot now owned by GitHub that looks at your dependency files and will open PRs to update them as new releases are made. Additionally, it will also alert you if one of the dependencies does a security fix.
I started using it a couple of months ago and I love it. It took a couple of weeks of tweaking the schedule, target branch, and process to get it to fit into our process, but it is so worth it. I've got it scheduled to run weekly on Sundays. So, Monday mornings I review the changes, approve them, and tell the bot to merge them. I then bring them into the dev branch for regular testing. All the PRs are sent through our test suite just like everything else.
This totally beats our previous manual process of monthly (which often becomes every-other-month) review and update.