Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates.
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.