GitHub Community

Maintainer Month Update: Tackling Contribution Noise and Giving Maintainers More Control
Announcements moraesc
All GitHub Copilot plans are now on usage-based billing
Copilot News and Announcements GitHub Community Admin
Webinar Series: Usage-Based Billing with Confidence
Announcements GitHub Community Admin
👾 Microsoft Build 2026 Community Recap
Copilot News and Announcements ebndev

Discussions

You must be logged in to vote

Dependabot raises new alerts without any changes
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
henriquevcosta asked May 9, 2023 in Code Security · Closed · Unanswered

1
You must be logged in to vote

Dependabot Gem Updates
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
nroose asked May 15, 2023 in Code Security · Closed · Unanswered

3
You must be logged in to vote

Add custom rules to dependabot
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
biohazd asked Apr 5, 2024 in Code Security · Closed · Unanswered

1
You must be logged in to vote

Dependabot issues, overriding sub sub dependency versions
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
krondorl asked Jun 3, 2023 in Code Security · Closed · Unanswered

1
You must be logged in to vote

dependabot added codes without permission
Repositories The core of version-controlled code storage Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
jakks-team asked Jul 11, 2023 in Repositories · Closed · Unanswered

3
You must be logged in to vote

What is the maximum time in Dependabot update and how to extend it?
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
otter13 asked Jun 27, 2023 in Code Security · Closed · Unanswered

2
You must be logged in to vote

Manually trigger a dependabot scan on my repo
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
pantelis-karamolegkos asked Jul 27, 2023 in Code Security · Closed · Unanswered

2
You must be logged in to vote

Dependabot: Can't figure out how to ignore a specific version dependency inside of a group
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
cloudshiftchris asked Sep 2, 2023 in Code Security · Closed · Unanswered

3
You must be logged in to vote

Dependabot jobs for Python projects using poetry fails
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
akhileshraju asked Sep 8, 2023 in Code Security · Closed · Unanswered

3
You must be logged in to vote

Dependabot Vulnerable call languages support
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
aviadchen asked Apr 2, 2024 in Code Security · Closed · Unanswered

2
You must be logged in to vote

Ways to ignore security updates via dependabot.yml
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
pantelis-karamolegkos asked Oct 9, 2023 in Code Security · Closed · Unanswered

4
You must be logged in to vote

How to allow Dependabot access to private repos? Docs are incorrect
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
GeekOnIce asked Aug 30, 2023 in Code Security · Closed · Unanswered

5
You must be logged in to vote

Why do Dependabot PRs sometimes automerge before the CI has even started?
Pull Requests Propose, review, and discuss changes to a repository's codebase Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
myyk asked Oct 16, 2023 in Pull Requests · Closed · Unanswered

2
You must be logged in to vote

Unexpected dependabot updates with pip-compile
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
pamelafox asked Nov 9, 2023 in Code Security · Answered

2
You must be logged in to vote

Dependabot updates transitive pip dependency in one file but not the other
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
pamelafox asked Nov 9, 2023 in Code Security · Answered

3
You must be logged in to vote

Will dependabot try to update a dependency to the latest version if it has an open CVE?
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
pnacht asked Dec 1, 2023 in Code Security · Closed · Unanswered

3
You must be logged in to vote

Dependabot fake commits added in our all repos
Repositories The core of version-controlled code storage Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
sandeepdevops300 asked Dec 7, 2023 in Repositories · Closed · Unanswered

1
You must be logged in to vote

About dependabot's pip
Repositories The core of version-controlled code storage Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
kenishidada asked Dec 18, 2023 in Repositories · Closed · Unanswered

1
You must be logged in to vote

Does Github Provide OpenSource Software(OSS) scanning for licensing?
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
danishsattar007 asked Oct 12, 2023 in Code Security · Closed · Unanswered

6
You must be logged in to vote

Dependabot with AWS CodeArtifact as npm-registry
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
andreadeluisi-ryte asked Dec 1, 2022 in Code Security · Closed · Unanswered

4
You must be logged in to vote

Errored with the message "Dependabot timed out during its update" and 1 other error + pip
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
LairdStreak asked Jan 17, 2024 in Code Security · Closed · Unanswered

6
You must be logged in to vote

Dependabot not applying all proposed updates
Repositories The core of version-controlled code storage Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
jdholbrook81 asked Dec 7, 2023 in Pull Requests · Closed · Unanswered

2
You must be logged in to vote

why is Dependabot not supported by GitHub when it is part of it?
Repositories The core of version-controlled code storage Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
jtnord asked Jan 25, 2024 in Repositories · Closed · Unanswered

2
You must be logged in to vote

Dependabot does not find packages library when using GITHUB_TOKEN
Packages Host your dependencies, libraries, and production-ready code, right from your repository Dependabot Automatically update dependencies to keep your project secure and up to date Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
mindhaq asked Jan 27, 2024 in Packages · Closed · Unanswered

1
You must be logged in to vote

minimal customisation of dependabot.yml
Dependabot Automatically update dependencies to keep your project secure and up to date Code Security Build security into your GitHub workflow with features to keep your codebase secure Question Ask and answer questions about GitHub features and usage inactive This discussion has been automatically marked as inactive. This was formerly labeled stale.
jonseymour asked Mar 7, 2024 in Code Security · Closed · Unanswered

4