Automatically notify and update dependencies
We are working to automatically remediate dependencies with a security vulnerability, but there is also value in notifying users and potentially automatically updating deps which are out of date.
This is helpful for a few reasons:
- If you let a dependency get very far out of date, upgrading can be time intensive and risky.
- For some libraries, there could be security updates, but they are not generating CVEs or getting into some feeds.
It would be great to have a service which performed this function, and not just for dependency versions with a published vulnerability.