FlowFuse / flowfuse

Build bespoke, flexible, and resilient manufacturing low-code applications with FlowFuse and Node-RED
https://flowfuse.com

Allow automated security upgrades of Node-RED #431

Open ZJvandeWeg opened 2 years ago

ZJvandeWeg commented 2 years ago

Description

When users have a certain line of Node-RED versions which are fine, for example 2.2.X, it would allow FlowForge to automatically trigger upgrades of Node-RED in case of security issues with Node-RED.

FlowForge should allow users to request automatic upgrades for security purposes.

sammachin commented 2 years ago

There are several stories that could be created out of this. Updating Node-RED requires changing the Stack; this would mean restarting Node-RED, therefore I am hesitant to have the platform just arbitrarily restart a user's project.

However, providing better information and alerting them to instances that can or should be upgraded is certainly of value. The version of Node-RED is dependent on the stack being created in the FlowForge platform, so the availability of the new stack is what should then alert the user to update their project.

ZJvandeWeg commented 2 years ago

@sammachin We should fix security issues right away, and not wait because it requires a restart. If there's an RCE issue, or something that can be daisy chained to increase severity, it needs to be resolved ASAP.