odpi / egeria-react-ui

A multi-tenant, role based Egeria React UI for Open Metadata, that has eco-system and solutions capabilities.
Apache License 2.0

Add full dependabot scanning to egeria-react-ui #78

Closed planetf1 closed 3 years ago

planetf1 commented 3 years ago

Dependabot does not currently appear to be scanning dependencies for egeria-react-ui. Though it is configured on the repository, we don't have a custom config file as we do in egeria - since we needed to configure the package.json locations.

Dependabot management is a strategy we've used with the egeria base code for a couple of years, and is also in place on the egeria-static-ui repository & various connector repositories. There have already been multiple occasions where this pre-emptive work has avoided security vulnerabilities.

We held off enabling for the react UI when part of egeria to avoid too much clutter.

However, I propose we enable it. This will result in additional alerts and/or PRs to be actioned.

planetf1 commented 3 years ago

This has now been added