Dependabot
You can use GitHub Dependabot security updates or manual pull requests to easily update vulnerable dependencies page 
Github security alerts were nice. Github security updates are really useful. Watch your email for alerts then click over to GitHub Dependabot pull requests and used the command line to merge the test the security changes.