da70 closed 2 years ago
It's not possible to have automatic security vulnerability PRs target any branch except the default branch -- Configuration options for the dependabot.yml file:
Security updates are raised for vulnerable package manifests only on the default branch.
That was really the only motivation for creating and maintaining a .github/dependabot.yml file.
Closing this ticket as a "Won't do".
Currently dependabot is opening PRs against master. We would like dependabot to scan and automatically open PRs against the development branch. It looks like this is done through a dependabot.yml file.
We should also take a quick look at Settings to make sure we have dependabot behavior configured the way we like.
GitHub docs: