Recognize upstream security updates

In addition to our namespaces that we check for available updates, we should also check for upstream (i.e. indirect) security updates. The process is nicely described in this article: https://www.oakleys.org.uk/blog/2022/08/keeping_track_of_upstream_security_issues

added To Do label

changed the description

added Doing label and removed To Do label

assigned to @jurgenhaas

mentioned in commit 353fa51a

mentioned in commit becdcfff

mentioned in commit 30b857b5

This is now implemented as a pipeline which also runs when the scheduled pipeline "Check 4 Updates" executes. If any upstream CVEs were identified, a GitLab issue for that website containing details will be created.

closed

removed Doing label