Task
Resolution: Unresolved
3.1.0.TP
We need to create a release branch in the GitLab midstream and perform a Snyk CVE scan on it.
For larger projects this script may help in collating the scans.
Any CVE with a CVSS score above 5.0 should be fixed (if possible), with that patch pushed upstream. Any CVEs which have no fix available, or can't be fixed for other reasons, should be noted so they can be discussed with Prod-Sec.
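One way to sort a scan into the groups described above, as an added example (this is not the script the ticket refers to, and not project code). It assumes a single-project `snyk test --json` result with the `cvssScore`, `identifiers`, `isUpgradable`, `isPatchable` and `fixedIn` fields; the bucket names and sample findings are constructed for illustration.

```python
import json
import sys

CVSS_THRESHOLD = 5.0  # ticket policy: scores above 5.0 should be fixed

# Constructed sample shaped like `snyk test --json` output; not real scan data.
SAMPLE_SCAN = {"vulnerabilities": [
    {"id": "SNYK-EXAMPLE-1", "packageName": "libfoo", "version": "1.2.0", "cvssScore": 7.5,
     "identifiers": {"CVE": ["CVE-0000-0001"]}, "isUpgradable": True, "fixedIn": ["1.2.4"],
     "from": ["app", "libfoo@1.2.0"]},
    # Same issue reached through a second dependency path: must be counted once.
    {"id": "SNYK-EXAMPLE-1", "packageName": "libfoo", "version": "1.2.0", "cvssScore": 7.5,
     "identifiers": {"CVE": ["CVE-0000-0001"]}, "isUpgradable": True, "fixedIn": ["1.2.4"],
     "from": ["app", "libbar@2.0.0", "libfoo@1.2.0"]},
    {"id": "SNYK-EXAMPLE-2", "packageName": "libbar", "version": "2.0.0", "cvssScore": 6.1,
     "identifiers": {"CVE": ["CVE-0000-0002"]}, "isUpgradable": False, "isPatchable": False,
     "fixedIn": []},
    {"id": "SNYK-EXAMPLE-3", "packageName": "libbaz", "version": "0.9.1", "cvssScore": 5.0,
     "identifiers": {"CVE": ["CVE-0000-0003"]}, "isUpgradable": True, "fixedIn": ["0.9.2"]},
    {"id": "SNYK-EXAMPLE-4", "packageName": "libqux", "version": "3.0.0", "identifiers": {}},
]}


def triage(scan, threshold=CVSS_THRESHOLD):
    """Split one scan's findings into the groups the ticket asks for."""
    buckets = {"fix": [], "discuss_with_prodsec": [], "at_or_below": [], "unscored": []}
    seen = set()
    for v in scan.get("vulnerabilities", []):
        key = (v.get("id"), v.get("packageName"), v.get("version"))
        if key in seen:  # one entry per dependency path; report each issue once
            continue
        seen.add(key)
        score = v.get("cvssScore")
        cves = (v.get("identifiers") or {}).get("CVE") or [v.get("id")]
        row = (",".join(cves), v.get("packageName"), v.get("version"), score)
        if score is None:
            buckets["unscored"].append(row)  # needs a manual look, not a silent pass
        elif score <= threshold:
            buckets["at_or_below"].append(row)
        elif v.get("isUpgradable") or v.get("isPatchable") or v.get("fixedIn"):
            buckets["fix"].append(row)
        else:
            buckets["discuss_with_prodsec"].append(row)
    return buckets


if __name__ == "__main__":
    # Pass a saved `snyk test --json` file as the argument, or run with the sample.
    scan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SCAN
    for name, rows in triage(scan).items():
        print(name, rows)
```

A score of exactly 5.0 is not "above 5.0", so it lands in `at_or_below`; findings without a score are kept separate instead of being treated as passing.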