I'm not sure if you have dependabot on for this repo however I have it enabled by default on any repo I created, and after using this one as a template, I got an alert from dependabot saying there are 17 security vulnerabilities. Prehaps enable it here and it should auto open PRs to fix the issues.