Dependabot setup and alerts

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

​

Configuration in this repo

• File: .github/dependabot.yml

• Version updates – Weekly (Mondays) checks for newer dependency versions and open PRs.
• Security updates – When Dependabot detects a vulnerability, it can open a PR to fix it. This behavior works in conjunction with Dependabot alerts (see below).

​

What is covered

​

Dependabot alerts (vulnerability notifications)

​

Enable or verify alerts for this repository

1. On GitHub, open the repository and go to Settings.
2. In the left sidebar, under Security, click Code security and analysis (or Advanced Security).
3. Under Dependabot:
   • Dependabot alerts – Set to Enable so GitHub will create alerts and (when enabled) Dependabot security updates can open fix PRs.
   • Dependabot security updates – Optional. If enabled, Dependabot will open pull requests to fix vulnerable dependencies. Recommended.

​

Where to see alerts

• Security tab → Dependabot (or Security → Alerts).
• Email/notifications for maintainers (if configured in GitHub notification settings).

​

Organization / account defaults

• Organization: Settings → Security → Advanced Security → configure defaults for Dependabot alerts and security updates.
• Personal account: Settings → Code security and analysis → enable/disable Dependabot alerts for your repos.

​

References

• Configuring Dependabot alerts
• Configuring Dependabot security updates
• Configuration options for dependabot.yml
• DEPENDABOT_VULNERABILITIES_RESOLUTION_PLAN.md – Plan for resolving current vulnerabilities