🔥 3-day streak
GitHub Enterprise Administrator (GH-100)18 / 79
Question 18 of 79

A platform team at a fintech company wants Dependabot to automatically open pull requests for known security vulnerabilities in their npm dependencies as soon as advisories are published, but they explicitly do NOT want routine PRs opened just because a newer non-vulnerable version of a package is released. The repository already has the dependency graph enabled. Which configuration achieves exactly this behavior?

Reviewed for accuracy · Report an issueNext question