Automate checks for known security vulnerabilities in dependencies
There are a few tools for automated checking and updating of dependencies and/or checking for known vulnerabilities in dependencies:
The hosted tools are all very geared towards GitHub integration and automation of the dependency update and testing process, but may be feasible on GitLab too (although I haven't tried this before).
In my experience the automation is really nice and useful, but irrespective of whether the hosted versions are viable or desirable, it is possible to add a continuous integration step that runs nsp and warns, or fails the build, if any of the dependencies are affected by known CVEs.
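As an added illustration of that CI step (not part of the original issue, and not configuration from any project it refers to), the fragment below sketches a `.gitlab-ci.yml` with two jobs: one that only warns (`allow_failure: true`, so a finding is reported but does not block the pipeline) and one that fails the pipeline when `nsp check` exits non-zero. The job names, stage name and `only`/`except` branch selection are assumptions chosen for this example; `nsp check` is the historical nsp command, and since nsp has been retired in favour of `npm audit`, the same layout works with `npm audit` substituted in the `script` lines.

```yaml
# Added example: a warn-only and a blocking dependency-vulnerability check.
# Job and stage names are illustrative; adapt them to the project's pipeline.
stages:
  - test

# Warn-only variant: runs on every branch, surfaces findings in the job log,
# but never blocks the pipeline because allow_failure is true.
dependency_vuln_warn:
  stage: test
  image: node:lts
  script:
    - npm ci
    - npx nsp check          # exits non-zero if a known-vulnerable dependency is found
  allow_failure: true
  except:
    - master

# Blocking variant: same check, but on the main branch a finding fails the
# pipeline so vulnerable dependencies cannot merge or ship unnoticed.
dependency_vuln_block:
  stage: test
  image: node:lts
  script:
    - npm ci
    - npx nsp check
  only:
    - master
```

Keeping the warn-only job on feature branches and the blocking job on the release branch gives developers early visibility without a newly published advisory breaking every in-flight branch at once; the trade-off is that a finding must still be triaged before it reaches the blocking job.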