Addressing Dependabot Vulnerability Alerts in Datahub Core Team

Original Slack Thread

Hi Datahub core team, what is your policy and process for addressing Dependabot vulnerability alerts?

Our fork is based on v0.11.0 and as of today the datahub-web-react/yarn.lock has 8 critical and 30 high severity vulnerabilities.

I checked that this file was last updated right before v0.11.0 was released and was not updated when v0.12.0 was released.

In our experience, it is best to address these critical or high severity ones as soon as possible.

<@U01GCJKA8P9> might be able to speak to this!