NYULibraries / primo-explore-views

A consolidated monorepo of NYU Consortium views
MIT License

Customize dependabot #336

Closed da70 closed 2 years ago

da70 commented 2 years ago

Currently dependabot is opening PRs against master. We would like dependabot to scan and automatically open PRs against the development branch. It looks like this is done through a dependabot.yml file.

We should also take a quick look at Settings to make sure we have dependabot behavior configured the way we like.

GitHub docs:

da70 commented 2 years ago

It's not possible to have automatic security vulnerability PRs target any branch except the default branch -- Configuration options for the dependabot.yml file:

"Security updates are raised for vulnerable package manifests only on the default branch."

That was really the only motivation for creating and maintaining a .github/dependabot.yml file.

Closing this ticket as a "Won't do".
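For reference, an added example (not taken from this repository or from the thread) of the kind of `.github/dependabot.yml` the issue describes. `target-branch` redirects version-update PRs only; security-update PRs still target the default branch, as the quoted documentation says. The `npm` ecosystem, the `/` directory, the weekly schedule and the branch name `development` are assumptions for illustration.

```yaml
# .github/dependabot.yml (illustrative; values below are assumptions)
version: 2
updates:
  - package-ecosystem: "npm"      # assumed ecosystem for this example
    directory: "/"                # assumed location of the package manifest
    schedule:
      interval: "weekly"          # assumed cadence
    # Version-update PRs for this entry are opened against this branch
    # instead of the default branch.
    target-branch: "development"
    # Note: once target-branch is set, the options in this entry no longer
    # apply to security-update PRs, which are still raised against the
    # default branch only.
```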