Although I'm giving Snyk (at least their marketing guys) a hard time for this, their tool does the same. An awesome feature is that they can actually open pull requests in your repository with fixed versions (if available) to get this stuff fixed. Depending on your setup, this means you immediately get continuous integration results, and a developer can quickly decide whether to automerge (which, in the case of minor version updates, you usually can). Really cool stuff.

