Removing the security vulnerability banner
The yellow banner stating "We found potential security vulnerabilities in your dependencies" is being removed. Please use the "Security" alert count in your repository navigation as an indicator for when your repository has Dependabot alerts. You can also adjust your notification settings to opt in to email and web notifications, as well as email digests for your Dependabot alerts.
About this change
We've been working to steadily improve our security alert notifications and indicators. As part of our notifications strategy, we are removing this legacy banner.
Available alert notifications and indicators
Today, when Dependabot detects a dependency-based vulnerability, it notifies you according to your user notification settings and repository watching settings. You can opt to receive:
- Web-based notifications on alerts in your GitHub inbox
- Email-based notifications on alerts
- Email digests (weekly or daily roll-ups of alerts)
From the UI, you can also use the "Security" alert count in your repository navigation as an indicator for when your repository has alerts. This Security tab includes the count for all active Dependabot alerts, code scanning alerts, secret scanning alerts, and any security advisories that you have permissions to view.
Learn more about GitHub Advanced Security, Dependabot alerts, and configuring notifications for alerts.