Wouldn't this be a great use case of any agentic AI coding solution? A background agent scanning code/repo/etc and making suggestions both for and against dependency updates?

Copilot seems well placed with its GitHub integration here, it could review dependency suggestions, CVEs, etc and make pull requests.