Keeping your code’s dependencies up to date is hard, so luckily there are free tools like Dependabot around, that can create PRs against your repository whenever any of your dependencies have a more recent version updated. Depending on the size of your codebase, this can turn into quite a chore as you have to verify that the dependencies don’t break your code.
A common solution is to establish a thorough test suite and other CI checks that you trust to let you know if your code is broken and combine that with automatically merging Dependabot PRs.
If you aspire to be a developer, sys-admin, or some other profession that relies on computers outside of word documents and excel spreadsheets then you ought to be comfortable with a command line.
Software and IT professionals love their command-lines as it is much more powerful than any GUI could ever be. This article aims to get you started from no prior knowledge.
If this is completely new material for you, I recommend that you keep a Finder/Windows Explorer/etc.