This repository has been archived by the owner on Aug 30, 2022. It is now read-only.

Turn on dependabot vulnerability scanning #74

Open
JesperTerkelsen opened this issue Jun 24, 2022 · 1 comment

Comments

JesperTerkelsen commented Jun 24, 2022

There are a bunch of vulnerabilities in many of the node modules in browser/flagr-ui/package-lock.json.

Expected Behavior

Dependabot vulnerability scanning is turned on, making it easier to manage

Current Behavior

Currently vulnerabilities in node and go package dependencies are not fixed.

Possible Solutions

  1. We could open PRs for all of them, but I think it's easier if dependabot does that.
  2. Diverge our fork (which is not preferable)

Steps to Reproduce (for bugs)

  1. Fork this repository
  2. Enable dependabot vulnerability scanning
  3. See the PRs created and the dependabot alerts

Context

  1. Some of those vulnerabilities might be subject to real security concerns.
  2. For enterprises that are under security compliance, it's a benefit to have as many vulnerabilities fixed as possible.
@github-actions

Stale issue message
