A new DependabotUpdate GraphQL object connects the relevant repository's Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot-generated pull request or error.

query($repo_owner:String!, $repo_name:String!) {
  repository(owner: $repo_owner, name: $repo_name) {
    vulnerabilityAlerts(first: 1) {
      nodes {
        dependabotUpdate {
          pullRequest {
            number
            title
          }
        }
      }
    }
  }
}

{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "dependabotUpdate": {
              "pullRequest": {
                "number": 4772,
                "title": "build(deps): bump object-path from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"
              }
            }
          }
        ]
      }
    }
  }
}

In some cases, Dependabot fails to open a pull request. Previously, the error message that Dependabot generated was only visible in the Dependabot Alerts section of the Security tab.
Now, if Dependabot runs into an error when trying to open a pull request for a Dependabot alert, you can see the error in the API.

query($repo_owner:String!, $repo_name:String!) {
  repository(owner: $repo_owner, name: $repo_name) {
    vulnerabilityAlerts(first: 1) {
      nodes {
        dependabotUpdate {
          pullRequest {
            number
            title
          }
          error {
            title
            body
            errorType
          }
        }
      }
    }
  }
}

{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "dependabotUpdate": {
              "pullRequest": null,
              "error": {
                "title": "Dependabot cannot update braces to a non-vulnerable version",
                "body": "The latest possible version of braces that can be installed is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
                "errorType": "security_update_not_possible"
              }
            }
          }
        ]
      }
    }
  }
}

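
One way to consume these responses, as an added example that is not part of the original post or GitHub's own code: the function below sorts alert nodes by whether Dependabot attached a pull request, reported an error, or recorded no update. The merged sample response, the bucket names, and the null dependabotUpdate case are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: the two responses shown above merged into one result,
# plus a node with no update recorded (an assumed case, not shown on the page).
SAMPLE_RESPONSE = {"data": {"repository": {"vulnerabilityAlerts": {"nodes": [
    {"dependabotUpdate": {
        "pullRequest": {"number": 4772, "title": "build(deps): bump object-path "
                        "from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"},
        "error": None}},
    {"dependabotUpdate": {
        "pullRequest": None,
        "error": {"title": "Dependabot cannot update braces to a non-vulnerable version",
                  "body": "The latest possible version of braces that can be installed "
                          "is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
                  "errorType": "security_update_not_possible"}}},
    {"dependabotUpdate": None},
]}}}}


def triage(response):
    """Split alert nodes into: has a fix PR, update failed, no update recorded."""
    if response.get("errors"):  # standard GraphQL top-level error list
        raise RuntimeError(f"GraphQL request failed: {response['errors']}")
    repo = (response.get("data") or {}).get("repository")
    if repo is None:
        raise RuntimeError("repository is null in the response")
    buckets = {"has_pr": [], "update_failed": [], "no_update": []}
    for index, node in enumerate(repo["vulnerabilityAlerts"]["nodes"]):
        update = (node or {}).get("dependabotUpdate") or {}
        # The first query above does not request `error`, so the key may be absent.
        pr, err = update.get("pullRequest"), update.get("error")
        if pr:
            buckets["has_pr"].append({"alert": index, "pr": pr["number"], "title": pr["title"]})
        elif err:
            buckets["update_failed"].append(
                {"alert": index, "error_type": err["errorType"], "title": err["title"]})
        else:
            buckets["no_update"].append({"alert": index})
    return buckets


def failures_by_type(buckets):
    """Group failed updates by errorType so each class can be routed for manual fixing."""
    grouped = defaultdict(list)
    for item in buckets["update_failed"]:
        grouped[item["error_type"]].append(item["title"])
    return dict(grouped)
```

Alerts in the update_failed bucket are the ones that will not be fixed by merging a pull request and need manual remediation.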
We want your feedback! Let us know how you are using DependabotUpdate and give us your feedback in this GitHub discussion.
See the full API documentation in our GraphQL docs.