Mic92 closed 2 years ago
Cool, I've never used Dependabot. It's the thing that opens pull requests with version updates?
Exactly. Each dependency bump will get a PR. Here is an example: https://github.com/internet4refugees/beherbergung/pull/215
Rebased to make CI green.
While reviewing the code I found a lot of reported outdated npm packages with open security vulnerabilities. Given the sensitive nature of this project, it's therefore recommended to keep the project dependencies up to date automatically.