I currently subscribe to RSS feeds for some of the upstream libraries we maintain to know when updates are available. However, this doesn't really scale past me.
This bot would follow upstream projects, and if a new release is detected, it would file a task indicating that a new version is available. It would then be up to the maintainers of that project to follow up on the ticket.
If a new version is released, the bot will check to see if the previous version's ticket was already closed, and if so, file a new bug. If it wasn't closed, it'll leave a comment indicating that an even newer version is available.
The bot's configuration will have a list of upstream projects, and for each upstream, it'll have a list of Phabricator projects to add to the ticket and people to subscribe.
It would be good if we could reuse the APIs of existing projects like https://release-monitoring.org/ and https://libraries.io/.
This would be similar to what Fedora does: https://bugzilla.redhat.com/show_bug.cgi?id=1525004.
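
The file-or-comment rule and the per-upstream configuration described above, as an added sketch that is not part of the original task or any existing bot. The `Tracker` class is an in-memory stand-in rather than the Phabricator API, `examplelib`, `Example-Team` and `alice` are constructed values, and rejecting version strings that are not dotted numbers is an assumption about how to treat feed data.

```python
import re
from dataclasses import dataclass, field

# Constructed configuration: upstream -> Phabricator projects to tag, people to subscribe.
CONFIG = {"examplelib": {"projects": ["Example-Team"], "subscribers": ["alice"]}}

@dataclass
class Ticket:
    upstream: str
    latest: str                      # newest version reported on this ticket
    projects: list
    subscribers: list
    status: str = "open"
    comments: list = field(default_factory=list)

class Tracker:
    """In-memory stand-in for the task tracker (hypothetical, not a real API)."""
    def __init__(self):
        self.tickets = []

    def latest_for(self, upstream):
        matches = [t for t in self.tickets if t.upstream == upstream]
        return matches[-1] if matches else None

def parse_version(text):
    """Dotted numeric versions only; anything else from the feed is rejected."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def handle_release(tracker, config, upstream, version):
    """Return 'filed', 'commented' or 'ignored' for one detected release."""
    new = parse_version(version)
    if upstream not in config or new is None:
        return "ignored"
    prev = tracker.latest_for(upstream)
    if prev is not None and new <= parse_version(prev.latest):
        return "ignored"             # already reported, or older than what we know
    if prev is not None and prev.status == "open":
        prev.comments.append(f"An even newer version is available: {version}")
        prev.latest = version
        return "commented"
    entry = config[upstream]
    tracker.tickets.append(Ticket(upstream, version, list(entry["projects"]),
                                  list(entry["subscribers"])))
    return "filed"
```

Comparing versions as integer tuples keeps `1.10.0` ordered after `1.2.0`, which a plain string comparison would get wrong.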