1

I have been using dependabot for about a year and recently (past couple of months) I started getting some emails that never came before. There are two types of emails that I get and they seem to be somewhat regular:

  1. [GitHub] Your Dependabot alerts for the week of Dec 28 - Jan 4
  2. [acme/acme-repo] Your repository has dependencies with security vulnerabilities

This leads to the following questions:

  1. Are these emails a new feature?
  2. If not, what could have caused them to start only recently?
  3. Why is dependabot sending me emails about vulnerabilities instead of its more typical behavior of just opening PRs.

I tried checking github's and dependabot's documentation and if I received any comms about changes but could not find anything.

ssc327
  • 690
  • 1
  • 9
  • 19

1 Answers1

0

As far as I can tell, dependabot features have been 'improved' from February 2022. Settings for notifications including dependabot are here: https://github.com/settings/notifications

This blogpost mentions some of the recent improvements GitHub have made

Jonathon Hodges
  • 130
  • 5