We have a check for each PR and also a scheduled (daily) check to ensure there are no vulnerabilities in our code -
npm audit --omit=dev I think is the command.
Happy Story
The back-end/cloud code is fully up to date.
Sad story
All user-facing apps have been updated but the back-end/cloud code has not been updated.
Background
The dependency checks have been rolled out on all user-facing apps (Admin, Apply, Assessments) and will be rolled out on the digital platform back-end repo following the Firebase upgrade. The digital platform contains our back-end code - i.e. the code that is hosted in Google Cloud.
We have a check for each PR and also a scheduled (daily) check to ensure there are no vulnerabilities in our code - npm audit --omit=dev I think is the command.
Happy Story
The back-end/cloud code is fully up to date.
Sad story
All user-facing apps have been updated but the back-end/cloud code has not been updated.
Ticket Champion
Warren