Dependabot Emails

I have been using Dependabot for about a year, and recently (in the past couple of months) I started getting some emails that never came before. There are two types of emails that I get, and they seem to be somewhat regular:

  1. [GitHub] Your Dependabot alerts for the week of Dec 28 - Jan 4
  2. [acme/acme-repo] Your repository has dependencies with security vulnerabilities

This leads to the following questions:

  1. Are these emails a new feature?
  2. If not, what could have caused them to start only recently?
  3. Why is Dependabot sending me emails about vulnerabilities instead of its more typical behavior of just opening PRs?

I tried checking GitHub's and Dependabot's documentation, and whether I had received any comms about changes, but could not find anything.



Solution 1:[1]

As far as I can tell, Dependabot features have been 'improved' from February 2022. Settings for notifications, including Dependabot, are here: https://github.com/settings/notifications

This blog post mentions some of the recent improvements GitHub have made.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Jonathon Hodges