Source: GitHub push output on develop.
GitHub reports 45 Dependabot vulnerabilities on the default branch (18 high, 21 moderate, 6 low): https://github.com/EKGF/dprod/security/dependabot
Most are likely transitive deps of the site/ (pnpm) and/or Python (requirements.txt) toolchains rather than anything in the published ontology, but the highs should be triaged.
Ask: triage the dashboard, bump/aggregate the high-severity advisories, and decide whether Dependabot PRs should be auto-enabled. This is an umbrella tracker; individual advisories live in the Dependabot dashboard.