Sometimes, Dependabot security updates can't create a pull request for you because any update we could make would break the requirements of another package that you depend on. When this happens, Dependabot will now tell you the latest version of your package that you can install and the earliest version that contains the security fix. Soon, it will also tell you the name of the blocking package.