Prakash-Raut
commented
3 weeks ago Can i work on this ?
Open cb7chaitanya opened 3 weeks ago
Prakash-Raut
commented
3 weeks ago Can i work on this ?
cb7chaitanya
commented
3 weeks ago Sure, go ahead Assigned @Prakash-Raut
cb7chaitanya
commented
3 weeks ago We currently have a mechanism in place to check for outdated dependencies via npm outdated and notify the team if updates are available (implemented in trivy.yml). While this is useful, it requires manual intervention to update dependencies. To streamline the process and reduce human intervention, we need to enhance the current workflow to automatically create a pull request (PR) when new versions of dependencies are available.
@Prakash-Raut
Rudra-Sankha-Sinhamahapatra
commented
2 weeks ago Any update @Prakash-Raut
Set up a CI workflow that runs npm audit on every pull request to identify vulnerabilities in dependencies and ensure secure libraries are being used.