-
Notifications
You must be signed in to change notification settings - Fork 3k
Dependabot Security Updates
Isabella edited this page Aug 29, 2024
·
1 revision
We use Dependabot to automatically raise pull requests to update node dependencies with known security vulnerabilities in our package.json
file.
If you are assigned to review a Dependabot pull request, these are the following steps you should take:
- Ensure Bitrise and other PR checks pass. If flaky tests cause a Bitrise failure, you are responsible for rebuilding until all checks pass.
- Check locally that
bootstrap.sh
andnpm run build
both run successfully (view the project README for more information). - Verify that there are no new major security risks with this dependency update (run
npm audit
, more information here). - Briefly run the app as a last check.
This is an example of Dependabot resolving a vulnerability within webpack
.
This page is a work in progress. If you encounter a new and undocumented case with Dependabot, please update this Wiki page. ❤️