snyk / policy

Snyk policy parser and matching logic

chore: NARW-2246 add dependabot for NPM deps #130

Closed gclapperton closed 1 year ago

gclapperton commented 1 year ago

What this does

Configures Dependabot to automatically update NPM dependencies to comply with ProdSec standards.

Engineering teams MUST avoid vulnerabilities altogether by frequently reviewing their declared dependencies and upgrading them as new official versions become available, even if the new versions do not fix vulnerabilities.

https://snyksec.atlassian.net/wiki/spaces/PRODSEC/pages/1562116117/Software+Composition+Analysis+SCA+Scanning

More information

team-narwhal-user commented 3 months ago

:tada: This PR is included in version 4.0.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: