any reason you haven't enabled Dependabot ?

[simonmcnair]

Just curious, would seem like a good thing to do, enable Dependabot.

[VictoriqueMoe]

I updated all the deos regularly and to the latest, dependabot is kinda annoying with the emails and I update deps every so often anyway

[simonmcnair]

That's fair enough. I'm not here to tell you what to do. The good thing about them though is any high profile security issues can be flagged and raised as a PR without you having to do anything other than merge them (it can do that too, but I probably wouldn't enable it).

Regarding alerting, the emails can be turned off at the bottom of here: https://github.com/settings/notifications#vulnerability-alerts-heading