I've been using a simple script to update my pi, which I manually start (whenever I remember!!)
Would it be safe to add a cron job to run it weekly automatically in the middle of the night, or should the update/upgrade/clean commands always be monitored in the console?
To be honest, I never do upgrades on my pi's if the system is running well. I think this stems from not having used windows for almost 20 years and not feeling the need to upgrade that windows users have instilled in them.
 This is not a criticism of anyone who needs to upgrade often due to frequent changes of their environment!
I agree with @ghayne that this is probably not a good idea on a 'production' system as you can never be 100% certain that an upgrade will not break things. For example an unexpected power failure in the middle of updates can make the system unbootable.
However, if you do want automatic updates then I suggest using the tool designed for this purpose. I believe it works correctly on raspbian https://wiki.debian.org/UnattendedUpgrades
I don't actually think that the decision is as clear-cut any more. You have to balance the risk of breaking something against the risk of compromise due to slow patching. Indeed some organisations have started auto-updating even servers, auto-updates on end user devices is certainly getting very common.
Ideally, in production, you would have a pre-prod system that gets updates a short while before production and do some base regression tests. But of course, this requires suitable operational resources (e.g. people).
Possible, certainly, but for example if there were a threat of thunderstorms then one would probably not start the updates running, whereas automatic updates would run regardless. Also one might make sure not to run kit that might be more prone to trip the power whilst doing updates.
I think @TotallyInformation put forward a convincing argument, and I'll try to mitigate the words of caution by creating regular system backups, so if it all goes wrong, I can quickly restore the system. Fortunately, no data is stored on the pi, as I'm running Influx in a cloud instance.
I certainly haven't discounted Unattended Upgrades, but was initially off-put by it's size & complexity.
It's much more comprehensive, and handles 'reboot requests', 'files not available', and many more edge cases.
I will probably progress from using the bash script to use Unattended Upgrades, but that will be after my next scheduled system backup, and after I return from a family break.