These are just some automatic security updates that dependabot found and the addition of graphQL scan to search for vulnerabilites in the code each time there is a new pull request. There are still some vulnerabilities that it found, but could not automaticaly upgrade because it would cause some dependencies to break, the other vulnerabilities are:
Upgrade dot-prop to version 4.2.1 or later more info
These are just some automatic security updates that dependabot found and the addition of graphQL scan to search for vulnerabilites in the code each time there is a new pull request. There are still some vulnerabilities that it found, but could not automaticaly upgrade because it would cause some dependencies to break, the other vulnerabilities are:
Upgrade dot-prop to version 4.2.1 or later more info
Upgrade acorn to version 6.4.1 or later more info
Upgrade kind-of to version 6.0.3 or later more info