openflagr / flagr-archived

[Archived] - Merged and move to https://github.com/openflagr/flagr
https://openflagr.github.io/flagr
Apache License 2.0

Turn on dependabot vulnerability scanning #74

Open JesperTerkelsen opened 2 years ago

JesperTerkelsen commented 2 years ago

There are a bunch of vulnerabilities in many of the node modules in browser/flagr-ui/package-lock.json

Expected Behavior

Dependabot vulnerability scanning is turned on, making it easier to manage

Current Behavior

Currently vulnerabilities in node and go package dependencies are not fixed.

Possible Solutions

  1. We could open PRs for all of them, but I think it's easier if dependabot does that.
  2. Diverge our fork (which is not preferable)

Steps to Reproduce (for bugs)

  1. Fork this repository
  2. Enable dependabot vulnerability scanning
  3. See the PRs created and the dependabot alerts

Context

  1. Some of those vulnerabilities might be subject to real security concerns.
  2. For enterprises that are under security compliance, it's a benefit to have as many vulnerabilities fixed as possible.
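The steps above (fork, enable Dependabot, watch the PRs) cover the repository-settings side: Dependabot alerts and security updates are switched on under the repository's Settings, Code security and analysis, and need no file in the repo. What does need a file is Dependabot version updates, which open PRs for outdated dependencies whether or not an advisory exists, and therefore also catch the vulnerable node and go module versions the issue describes. The following `.github/dependabot.yml` is an added example written for this issue, not a file from the flagr project; the `/browser/flagr-ui` directory comes from the `package-lock.json` path above, while the assumption that the Go module (`go.mod`) lives at the repository root, the weekly schedule, and the PR limits are choices made here, not something the project states.

```yaml
# .github/dependabot.yml (added example, not part of the flagr repository)
# Configures Dependabot *version updates*. Dependabot *security updates* and
# alerts are toggled separately in the repository settings and do not read
# this file, so both should be enabled for full coverage.
version: 2
updates:
  # Node dependencies of the UI, located where package-lock.json lives.
  - package-ecosystem: "npm"
    directory: "/browser/flagr-ui"
    schedule:
      interval: "weekly"
    # Cap the number of open PRs so a backlog of stale modules does not
    # flood the repo at once (assumed value).
    open-pull-requests-limit: 10

  # Go modules; assumes go.mod sits at the repository root.
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10

  # The repo's own CI workflows, so pinned actions get bumped too.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Once this file is on the default branch, Dependabot will open version-update PRs for each ecosystem on the given schedule; the security-update PRs mentioned in the issue still require alerts to be enabled in the repository settings, since a fork does not inherit the upstream repository's alert configuration.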
github-actions[bot] commented 2 years ago

Stale issue message