If you're lazy and dealing with a non-critical system, `yum update --security -y` as a nightly cron job goes a long way.
If you're working on something important, say critical national economic infrastructure, you do the equivalent with automated staging and testing happening before any potentially breaking changes are made to live servers.
Yum isn't going to patch Struts, though. That's an application package.
There are services that monitor your package configuration(s) and let you know when something has been updated.
There are also mailing lists. Unless you're a Node developer, you probably only have a couple dozen dependencies in your app. Subscribe to them.
Finally, you can just check in your lockfile and update packages as part of your dev builds, then commit it whenever something changes. Your CI/CD will make sure you are always running the latest version of every application dependency in production.
> If you're working on something important, say critical national economic infrastructure, you do the equivalent with automated staging and testing happening before any potentially breaking changes are made to live servers.
Or... you do nothing, as the case may be...