Nowadays, almost every project uses external dependencies. Thanks to security tools provided by GitHub, we can be automatically informed about vulnerabilities detected in the dependencies used.
If the bot detects vulnerability in one of the packages used in the project, it will immediately inform you about it and at the same time create a pull request raising the dependency to a safe version.
Be smart, use automatic dependency checking.