CVE Remediation
Scans for known vulnerabilities on a schedule, upgrades affected packages, fixes the breaking changes, verifies with tests, and opens remediation PRs.
Triggers
Every Monday at 06:00 UTC
Schedule. Weekly security sweep across activated repositories.
New advisory
Event. Optional: react when an advisory affects a dependency.
Prompt
You are responsible for closing known vulnerabilities in this codebase.
1. Run a vulnerability scan and list affected packages with their severity and the fixed version.
2. Starting with the highest severity, upgrade each affected package to a patched version.
3. Resolve any breaking changes the upgrade introduces, then run the test suite.
4. Open a PR per advisory (or grouped by package family) that names the CVE, the affected version range, and the fix.
Prioritize by severity and exploitability. If a fix isn't available upstream, document the exposure and propose a mitigation instead of forcing an unsafe change.
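One way to turn the scan output from step 1 into the ordered upgrade and PR plan the prompt describes, as an added example that is not part of the original page or the product's own code. The findings, advisory ids and package names are constructed placeholders; it assumes plain dotted numeric versions and that the highest listed fixed version of a package covers all of its advisories, and it ranks by severity only.

```python
# Constructed scan findings; advisory ids and package names are placeholders.
FINDINGS = [
    {"id": "ADVISORY-A", "package": "libfoo", "installed": "1.4.2", "severity": "high", "fixed": "1.4.9"},
    {"id": "ADVISORY-B", "package": "libfoo", "installed": "1.4.2", "severity": "critical", "fixed": "2.0.1"},
    {"id": "ADVISORY-C", "package": "libbar", "installed": "0.9.0", "severity": "medium", "fixed": None},
    {"id": "ADVISORY-D", "package": "libbaz", "installed": "3.1.0", "severity": "low", "fixed": "3.1.1"},
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(text):
    """Dotted numeric versions only (assumption): '1.4.9' -> (1, 4, 9)."""
    return tuple(int(part) for part in text.split("."))

def worst(items):
    """Most severe label among a list of findings."""
    return min((f["severity"] for f in items), key=SEVERITY_RANK.get)

def build_plan(findings):
    """Return (upgrades, exposures), each ordered most severe first."""
    by_package = {}
    for f in findings:
        by_package.setdefault(f["package"], []).append(f)
    upgrades, exposures = [], []
    for package, items in by_package.items():
        fixable = [f for f in items if f["fixed"]]
        # No upstream fix: record the exposure instead of forcing a change.
        exposures += [{"package": package, "advisory": f["id"], "severity": f["severity"]}
                      for f in items if not f["fixed"]]
        if not fixable:
            continue
        installed = items[0]["installed"]
        # Assumption: the highest "fixed" version also contains the earlier fixes.
        target = max((f["fixed"] for f in fixable), key=parse_version)
        upgrades.append({
            "package": package, "from": installed, "to": target,
            "advisories": sorted(f["id"] for f in fixable),  # one grouped PR per package
            "severity": worst(fixable),
            # A major-version jump is where breaking changes are most likely (step 3).
            "major_bump": parse_version(target)[0] > parse_version(installed)[0],
        })
    by_severity = lambda entry: SEVERITY_RANK[entry["severity"]]
    return sorted(upgrades, key=by_severity), sorted(exposures, key=by_severity)

if __name__ == "__main__":
    planned, unfixed = build_plan(FINDINGS)
    for entry in planned:
        print(entry)
    for entry in unfixed:
        print("no upstream fix:", entry)
```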