When a vulnerability is added to the GitHub Advisory Database, the resulting Dependabot alert and security update notifications can be noisy. To help you focus on what matters, we've made a few changes to how Dependabot notifies you:
- You'll no longer be notified about the creation of Dependabot security update pull requests unless you're watching the repository where the pull request is created. To configure which repositories you are watching, see our documentation.
- You'll no longer receive email and web notifications for Dependabot alerts for Low- and Moderate-severity vulnerabilities. You'll still be able to see these alerts in your repository's Security tab, and if you have Dependabot security updates enabled, Dependabot will still create security update pull requests for them.
You can learn more about configuring your Dependabot notifications in our documentation.