Time boxed Engineering Discovery: Dependency List: Show when a component is out of date
Background:
In the dependency list, it would be nice to know if I have a component that is outdated so I can update it before it becomes a weakness.
Problem:
Out of date components may have weaknesses or vulnerabilities associated with them, and vulnerabilities are often reported on or just after the fact when a component update is made available.
User:
As someone tasked with managing the dependency list for my project, I want to know when a component or dependency is out of date so I can update it before it becomes a weakness or contains a vulnerability.
Proposal:
- Add a new `out of date` status to the dependency list when components are detected that have not been updated.
- Show which version is recommended to update the component(s) to.