tldr: a github action with a cron schedule that runs whatever code is required to update whatever you have, and then push the diff (if any) in a branch and create a PR (if needed)

We are using something heavily derived from https://github.com/romoh/dependencies-autoupdate