Automatically notify and update dependencies
We are working to automatically remediate dependencies with a security vulnerability, but there is also value in notifying users and potentially automatically updating deps which are out of date.
This is helpful for a few reasons:
- If you let a dependency get very far out of date, upgrading can be time intensive and risky.
- For some libraries, there could be security updates, but they are not generating CVEs or getting into the same feeds.
It would be great to have a service which performed this function, and not just for dependency versions with a published vulnerability.