Snyk just looks at security issues, not all available updates. I see Dependabot (personally I use Renovate bot, as Dependabot has a broken security mode regarding forks, since you can't disable Dependabot on a fork) as proactively upgrading dependencies, so the older dependency with a security issue is then not being used when the vulnerability gets announced, as you have already upgraded.
John

On Wed, 29 Dec 2021 at 14:48, sebb <[email protected]> wrote:
> Genuine question: has Dependabot alerted us to any security issues?
>
> If so which ones, and was it the only alert mechanism for that issue?
>
> Sebb
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
