...
Ask the maintainer to create a new release containing any already-merged changes to support the version we’re upgrading to (and help resolve any concerns preventing that, if necessary). Often adding a GitHub Issue to request a new release works best for this (or commenting on an existing such issue, if one exists, to ask for a status update).
Switch to an existing, more actively maintained equivalent package if that can be done with minimal effort. Often this is a fork made after maintenance of the original package ceased.
Help to get merged any existing PRs adding support for the version we’re upgrading to (fix tests, respond to maintainer concerns, etc.)
Create a new PR adding support for the version we’re upgrading to, and work with the maintainer to get it merged. This can take a long time depending on the maintainer’s availability, so these PRs need to be created early when needed.
Review our usage of the dependency, and try to stop using it. This may involve refactoring our code such that we no longer need the dependency, or perhaps copying a small chunk of code from it if that lets us stop using the rest of it.
Fork the package into the edX GitHub organization and apply the necessary updates. This is often the last resort if all of the options above fail to succeed in a reasonable length of time.