Keeping Dependencies Up-to-Date

  • > Libyear is a simple measure of dependency freshness

    Ooo, that's new to me. I like the idea of quantifying this.

  • Dependabot can be configured to e.g. update dependencies with security vulnerabilities every day and all other version updates weekly, and group them in a single pull request. That should fix the main complaint in this blog post.
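
A `dependabot.yml` along the lines the comment above describes, as an added example that is not part of the thread or the blog post. The `npm` ecosystem, the root directory and the group names are assumptions, and it assumes Dependabot security updates are enabled in the repository settings, where they are raised from alerts rather than from the schedule below.

```yaml
# .github/dependabot.yml (constructed example)
version: 2
updates:
  - package-ecosystem: "npm"   # assumption: a JavaScript project
    directory: "/"             # assumption: manifest lives at the repo root
    schedule:
      interval: "weekly"       # routine version updates are checked once a week
    groups:
      # All routine version bumps land in one pull request per run.
      routine-version-updates:      # hypothetical group name
        applies-to: version-updates
        patterns:
          - "*"
      # Fixes for dependencies with known vulnerabilities are grouped
      # separately, so they can be reviewed and merged ahead of routine bumps.
      vulnerability-fixes:          # hypothetical group name
        applies-to: security-updates
        patterns:
          - "*"
```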