Hi everyone!
As part of the NSF project, the squad is currently working on automating our dependency vulnerability checking. Currently, the Security Squad receives the reports, triages them and alerts the community when a critical update is needed.
As we look toward the long-term health of the project, we need the community’s input: should we keep the current model, or move to publishing the reports community-wide?
Add your thoughts below.