Dependencies with security issues aren't flagged #156

@tonyandrewmeyer

The security scan done post-release finds issues (such as CVEs from Go) but we don't seem to have anything that identifies those earlier (even Dependabot should be able to do this, I think).

It would be far better to be aware of these before someone reports them to us, and before we cut a release.

Labels: 26.10 (An item we hope to do in the 26.10 cycle), rainy day (Small items done in ~10% of each week's time)
