Is it planned to allow modifying the constantly JS library versions with vulnerabilities (🙃) in a better way than in the Gradle DSL? Maybe on the same yarn or in another different yarn file? Or on a file which can be compatible with Renovate/Dependabot. This one should be great because the web world is awful in terms of vulnerabilities and updating the JS libraries manually is… 😕

Many JS vulnerabilities are not relevant because they came from web pack or the testing framework. the stdlib itself does not use any npm dependencies. So when using JS with another backend it "should" be safe.