uimaFIT is already getting these pull requests, and it appears dependabot is coming soon to other projects.
https://dependabot.com/ It's integrated into GitHub. It scans your project's dependencies, and reports on those that are out of date or have security issues that are fixed in subsequent releases (I think). You can configure it in your github project: https://dependabot.com/docs/config-file/ -Marshall
