hmcts/hwf-staffapp

Suggestion: Use Dependabot to keep dependencies up-to-date

Closed this issue · 1 comments

Hey @zaparka,

I know you folks use Dependabot on a bunch of other repos at MoJ. Would you be up for adding it to this one? I noticed a few insecure dependencies in the Gemfile.lock (sprockets and nokogiri).

(I'm on a push to get more open source repos using Dependabot because I'm about to start displaying any failing open-source tests for dependency updates on the Dependabot compatibility-score pages, in order to help maintainers fix their libraries and users find workarounds for bugs / braking changes.)

Already using it