We use Renovate to keep dependencies up-to-date across npm, Kotlin, Docker and GitHub Actions. It automatically monitors all the dependencies (including in our private repositories) and opens PRs (max 10 at a time) against those repos. This week I added grouping of related dependencies (e.g. all Spring boot dependencies or all ESLint dependencies).

Providing the pipeline is green, any minor, patch or image digest update can be merged automatically (with an approval coming from the renovate approve bot) and major updates need the approval of a developer.