A new `DependabotUpdate` GraphQL object connects the relevant repository's Dependabot alert(s) – aka `vulnerabilityAlerts` – to the Dependabot generated pull request or error.

```graphql
query($repo_owner:String!, $repo_name:String!) {
  repository(owner: $repo_owner, name: $repo_name) {
    vulnerabilityAlerts(first: 1) {
      nodes {
        dependabotUpdate {
          pullRequest {
            number
            title
          }
        }
      }
    }
  }
}
```

```json
{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "dependabotUpdate": {
              "pullRequest": {
                "number": 4772,
                "title": "build(deps): bump object-path from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"
              }
            }
          }
        ]
      }
    }
  }
}
```

In some cases, Dependabot fails to open a pull request. Previously, the error message that Dependabot generated was only visible in the Dependabot Alerts section of the Security tab.
![Screenshot of Dependabot Security Tab](https://i0.wp.com/user-images.githubusercontent.com/12107187/155599950-f7bc9ac5-6d76-4e59-975d-23f499be8b28.png?ssl=1)
Now, if Dependabot runs into an error when trying to open a pull request for a Dependabot alert, you can see the error in the API.

```graphql
query($repo_owner:String!, $repo_name:String!) {
  repository(owner: $repo_owner, name: $repo_name) {
    vulnerabilityAlerts(first: 1) {
      nodes {
        dependabotUpdate {
          pullRequest {
            number
            title
          }
          error {
            title
            body
            errorType
          }
        }
      }
    }
  }
}
```

```json
{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "dependabotUpdate": {
              "pullRequest": null,
              "error": {
                "title": "Dependabot cannot update braces to a non-vulnerable version",
                "body": "The latest possible version of braces that can be installed is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
                "errorType": "security_update_not_possible"
              }
            }
          }
        ]
      }
    }
  }
}
```

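
Added here as an example (not GitHub's code): Python that sorts a response of the shape shown above into alerts with a fix pull request, alerts where Dependabot reported an error, and alerts with no update. The `triage` name, the report layout and the null `dependabotUpdate` case are assumptions; the sample is constructed from the two responses in this post.

```python
import json

def triage(response):
    """Group alerts by remediation state: fix PR opened, update failed, or no update recorded."""
    if response.get("errors"):  # GraphQL reports request-level failures in a top-level "errors" list
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    nodes = response["data"]["repository"]["vulnerabilityAlerts"]["nodes"]
    report = {"pull_request": [], "error": [], "no_update": 0}
    for node in nodes:
        update = (node or {}).get("dependabotUpdate") or {}
        pr, err = update.get("pullRequest"), update.get("error")
        if pr:
            report["pull_request"].append((pr["number"], pr["title"]))
        elif err:
            # No automatic fix is coming for these; errorType says why.
            report["error"].append((err["errorType"], err["title"]))
        else:
            report["no_update"] += 1  # assumption: dependabotUpdate may be null
    return report

# Constructed sample: the two responses from the post merged, plus one alert with no update.
SAMPLE = json.loads(r"""
{"data": {"repository": {"vulnerabilityAlerts": {"nodes": [
  {"dependabotUpdate": {
    "pullRequest": {"number": 4772,
      "title": "build(deps): bump object-path from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"},
    "error": null}},
  {"dependabotUpdate": {
    "pullRequest": null,
    "error": {"title": "Dependabot cannot update braces to a non-vulnerable version",
      "body": "The latest possible version of braces that can be installed is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
      "errorType": "security_update_not_possible"}}},
  {"dependabotUpdate": null}
]}}}}
""")

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Alerts in the `error` group are the ones to route to manual remediation, since no pull request exists for them.
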
We want your feedback! Let us know how you are using `DependabotUpdate` and give us your feedback in this GitHub discussion.
See the full API documentation in our GraphQL docs.