In the project I'm working on, we use dependabot. It's really cool because, as you said, it creates PRs with lots of information to review and merge at will or review the branch locally.
For development- or testing-only dependencies, most of the time I just merge; for production ones, I try to review them locally whenever they're critical to the app's health.
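One way to make that split explicit in the Dependabot configuration, so that development-only updates arrive as one batched PR and production updates arrive separately for closer review. This is an added example, not the commenter's configuration; it assumes an npm project at the repository root and a weekly schedule, and uses Dependabot's `groups` feature with the `dependency-type` filter:

```yaml
# .github/dependabot.yml (constructed example; adjust ecosystem, directory and schedule to your project)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      # Low-risk updates (devDependencies) land in a single PR that can be merged quickly.
      dev-dependencies:
        dependency-type: "development"
      # Runtime dependencies get their own PR so they can be pulled and reviewed locally.
      production-dependencies:
        dependency-type: "production"
```

With this in place, each weekly run opens at most one PR per group, so the development-only batch can be merged on the strength of CI while the production batch is checked out and reviewed before merging.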