Hi,

I’m a member of the Eclipse Foundation Security Team. I’ve analyzed this repository with Scorecard and StepSecurity to check if it was applying some supply chain security best practices.

The following issue(s) has(ve) been detected:

• Properly use a dependency update tool, like Dependabot

As a result, you will see some PRs coming both from me and/or the StepSecurity bot to provide fixes for those issues. This issue will serve as the parent for those PRs.

Thanks!

Kind Regards,
Francisco Perez