I've been using dependabot for keeping my dependencies up to date and it's the best thing ever. It works with virtually every language, it makes a PR when a dependency is out of date and the only thing you have to do is merge it. You can even tell it to merge the PR automatically if your CI checks have passed.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I've been using dependabot for keeping my dependencies up to date and it's the best thing ever. It works with virtually every language, it makes a PR when a dependency is out of date and the only thing you have to do is merge it. You can even tell it to merge the PR automatically if your CI checks have passed.