📄️ Dependabot
Dependabot can assist with patching packages for both security updates and general package updates. It is quite configurable to allow things like a cool-down period for package updates which helps to defend against supply-chain attacks which seem to be getting more frequent.
📄️ GitHub Actions
GitHub Actions is an event-driven, do something platform. I refuse to call it a CI/CD platform because CI and CD are completely separate concepts from what GitHub Actions does.