I would be careful with automatic dependency updates, especially if your codebase is not fully tested (E2e including). The dependency tree of a modern project has become a nightmare to follow and you never know which tiny bit of code might have overlooked semver and you end up chasing a pathom bug