> We used to have a tech-debt ticket every couple of sprints to review and update various packages in order to take care of any potential vulnerabilities.

We should probably start doing that.

We have a pretty thorough set of tests, so we do catch breaking changes from Dependabot in the CI pipeline.