Like other DevTools repos, we have dependabot configured to update mongosh dependencies as new versions become available via dependabot.yml. We've currently disabled it due to the issues mentioned in comments

Figure out a fix to timeouts and package-lock confusion based on learnings from other libraries (mongosh, devtools-shared)

Alternatively repurpose update-electron script to be able to update arbitrary groups of dependencies and use it instead of dependabot