I think this is something for you @lukasbestle @bastianallgeier. Some time ago you enabled the ‘Security’ tab of the Kirby 3 GitHub repository. I think another improvement would be to add the GitHub Dependabot to get automatic notifications about security updates for dependencies which Kirby 3 relies on. What do you think?
For reference, see this:
I created no GItHub issue because I’m not sure it belongs there.