Highlight vulnerabilities
https://osv.dev/ or GitHub Security Alerts (if possible?)
The difficult thing here is how to look things up without possibly risking leaking sensitive package names?
select organisation , repo, package_name, cve_id from renovate natural join osvdev_cves ;
Edited by Jamie Tanna