Configures Dependabot to automatically update NPM dependencies to comply with ProdSec standards
Engineering teams MUST avoid vulnerabilities altogether by frequently reviewing their declared dependencies and upgrading them as new official versions become available, even if the new versions do not fix vulnerabilities.
What this does
Configures Dependabot to automatically update NPM dependencies to comply with ProdSec standards.
More information
https://snyksec.atlassian.net/wiki/spaces/PRODSEC/pages/1562116117/Software+Composition+Analysis+SCA+Scanning