Several security vulnerabilities seen in amp-github-apps repo

[rsimha]

We should enable renovate for upgrade the packages in this repo to fix these and future security vulnerabilities.

[rsimha]

/cc @danielrozenberg @erwinmombay @estherkim

[danielrozenberg]

renovate-bot is already on for this repo, and all renovate-bot PRs that I haven't approved are assigned to @estherkim, @erwinmombay, and @rcebulko

[rsimha]

The purpose of this issue is to track the fixing of security vulnerabilities. I've edited the description. Reopening until the alerts are gone.

[rcebulko]

Is there a way for us to see open vulnerabilities, or only repo admins/owners?

[rsimha]

@rcebulko You should have access once you become a part of @ampproject/wg-infra. Let's chat offline about how we can make that happen.

Edit: You've been invited.

[rcebulko]

/cc @rsimha

[rsimha]

Curious: For all the packages that you manually upgraded, were there renovate PRs that we couldn't merge for some reason or the other?

[rcebulko]

There had been a renovate PR for a while for Probot, but it broke owners, so I finally got to the bottom of that and fixed it. Jest, I don't recall seeing a renovate PR, and there was nothing pending. According to npm outdated, test-status was fine; it was just that set-value was a transitive dependency of a few direct dependencies that hadn't yet upgraded themselves.