-
Type: Task
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: Release Automation
Libraries don't distribute lock files, so it would make sense for us to ingest the latest dependency permitted by our semver range whenever possible, there's bots / github actions that can enforce a package-lock update before merging if one exists. Dependabot can also automagically open PRs for CVE updates.