
Dependabot Security Updates

Isabella edited this page Aug 29, 2024 · 1 revision

Dependabot

We use Dependabot to automatically raise pull requests that update Node.js dependencies declared in our package.json when those dependencies have known security vulnerabilities.

Dependabot PR Review

If you are assigned to review a Dependabot pull request, take the following steps:

  1. Ensure Bitrise and the other PR checks pass. If flaky tests cause a Bitrise failure, you are responsible for re-running the build until all checks pass.
  2. Check locally that bootstrap.sh and npm run build both run successfully on the PR branch (see the project README for details).
  3. Verify that the dependency update introduces no new major security risks: run npm audit on the PR branch, confirm the advisory Dependabot is fixing no longer appears, and confirm no new high or critical findings were introduced.
  4. Briefly run the app as a final smoke test.
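Steps 2 and 3 above are the ones that are easy to wave through. The script below is an added example, not part of this wiki or the project's own tooling: it parses the JSON report from `npm audit --json` (npm 7+ format) and the PR branch's package-lock.json, and fails the review if any finding at or above the chosen severity remains or if the package Dependabot bumped is still pinned below the first patched version. The embedded audit reports and lockfiles are constructed sample data with placeholder versions (5.0.0 vulnerable, 5.1.0 fixed), not a real webpack advisory; the `review_gate` helper name and its arguments are assumptions for this example.

```python
"""Reviewer gate for a Dependabot PR (added example, not project code).

Checks two things a reviewer should not skip:
  * `npm audit --json` reports nothing at or above the severity threshold
  * package-lock.json pins the updated package at or above the first fixed version
"""
import json
import subprocess
import sys
from typing import List, Optional, Tuple

# Severity order used by npm audit, lowest to highest.
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def remaining_vulnerabilities(audit_json: str, threshold: str = "high") -> List[Tuple[str, str, str]]:
    """Parse `npm audit --json` (npm 7+, auditReportVersion 2) and return
    (package, severity, vulnerable_range) for every finding at or above threshold."""
    report = json.loads(audit_json)
    if report.get("auditReportVersion") != 2:
        raise ValueError("expected an npm 7+ audit report (auditReportVersion 2)")
    min_rank = SEVERITY_RANK[threshold]
    findings = []
    for name, entry in sorted(report.get("vulnerabilities", {}).items()):
        severity = entry.get("severity", "info")
        if SEVERITY_RANK.get(severity, 0) >= min_rank:
            findings.append((name, severity, entry.get("range", "")))
    return findings


def resolved_version(lockfile_json: str, package: str) -> Optional[str]:
    """Version of a top-level package pinned in package-lock.json (lockfileVersion 1, 2 or 3)."""
    lock = json.loads(lockfile_json)
    entry = lock.get("packages", {}).get("node_modules/" + package)  # v2/v3 layout
    if entry is None:
        entry = lock.get("dependencies", {}).get(package)  # v1 layout
    return entry.get("version") if entry else None


def _version_key(version: str) -> Tuple[int, ...]:
    """Numeric (major, minor, patch) key; pre-release and build suffixes are stripped."""
    core = version.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_fixed(lockfile_json: str, package: str, first_fixed: str) -> bool:
    """True if the lockfile pins `package` at or above the first patched version."""
    pinned = resolved_version(lockfile_json, package)
    return pinned is not None and _version_key(pinned) >= _version_key(first_fixed)


def review_gate(audit_json: str, lockfile_json: str, package: str,
                first_fixed: str, threshold: str = "high") -> List[str]:
    """Return a list of human-readable problems; an empty list means the PR passes the gate."""
    problems = []
    for name, severity, vulnerable_range in remaining_vulnerabilities(audit_json, threshold):
        problems.append(f"{name} still has a {severity} advisory (vulnerable range {vulnerable_range})")
    if not is_fixed(lockfile_json, package, first_fixed):
        problems.append(f"{package} is pinned at {resolved_version(lockfile_json, package)}, below {first_fixed}")
    return problems


# Constructed sample data with placeholder versions; not a real advisory.
AUDIT_BEFORE = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {"webpack": {"name": "webpack", "severity": "high",
                                     "range": "<5.1.0", "isDirect": True, "fixAvailable": True}},
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 1, "critical": 0, "total": 1}},
})
AUDIT_AFTER = json.dumps({
    "auditReportVersion": 2, "vulnerabilities": {},
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 0, "critical": 0, "total": 0}},
})
LOCK_BEFORE = json.dumps({"lockfileVersion": 3, "packages": {"": {"name": "app"},
                                                              "node_modules/webpack": {"version": "5.0.0"}}})
LOCK_AFTER = json.dumps({"lockfileVersion": 3, "packages": {"": {"name": "app"},
                                                             "node_modules/webpack": {"version": "5.1.0"}}})
LOCK_V1 = json.dumps({"lockfileVersion": 1, "dependencies": {"webpack": {"version": "5.1.0"}}})


if __name__ == "__main__":
    # Live use on a checked-out Dependabot branch. npm audit exits non-zero when
    # findings exist, so check=True must not be used here.
    if len(sys.argv) != 3:
        sys.exit("usage: dependabot_gate.py <package> <first-fixed-version>")
    audit_output = subprocess.run(["npm", "audit", "--json"], capture_output=True, text=True).stdout
    with open("package-lock.json", encoding="utf-8") as fh:
        lock_text = fh.read()
    issues = review_gate(audit_output, lock_text, sys.argv[1], sys.argv[2])
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it from the repository root on the PR branch after bootstrap.sh and npm run build succeed, passing the package name and the first patched version from the Dependabot PR description. The severity threshold defaults to high, so moderate findings that were already present do not block the review; raise or lower it to match the team's policy.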

Example

This is an example of Dependabot resolving a vulnerability within webpack.


This page is a work in progress. If you encounter a new and undocumented case with Dependabot, please update this Wiki page. ❤️
