Time boxed Engineering Discovery: Dependency List: Show when a component is out of date

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Background:

In the dependency list, it would be nice to know if I have a component that is outdated so I can update it before it becomes a weakness.

Problem:

Out of date components may have weaknesses or vulnerabilities associated with them and vulnerabilities are often reported on or just after the fact when a component update is made available.

User:

AS someone tasked with managing the dependency list for my project, I want to know when a component or dependency is out of date so I can update it before it becomes a weakness or contains a vulnerability.

Proposal:

• Add a new out of date status to the dependency list when components are detected that have not been updated.
• Show which version is recommended to update the component(s) to.