Configuring Dependabot

6 min read

GitHub Dependabot defined

Dependabot is a GitHub feature whose main purpose is to help developers stay on top of their dependency ecosystem. It does this by automating the dependency update process, which in turn proactively addresses potential security concerns. Dependabot also raises pull requests specifically to address security vulnerabilities in dependencies and alerts developers to the precise location in the code where the vulnerable dependency is declared. When enabled, it achieves this by scanning a project's dependency files, such as package manifests (i.e. package.json, Gemfile) or configuration files, to identify dependencies and their versions. It then compares the current versions against the latest versions in the relevant package registries. As a developer working on a site hosted on Pages, you may have seen many of these alerts and pull requests in your repository. This article explains how to manage these alerts effectively without compromising your code's security.
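The scanning behaviour described above is driven by a `.github/dependabot.yml` file in the repository. The following configuration is an added example, not from the original article or from cloud.gov Pages; it assumes a Jekyll-based site with a `Gemfile` and a `package.json` at the repository root, and `example-build-tool` is a placeholder dependency name rather than a real package:

```yaml
# .github/dependabot.yml (added example, not from the original article)
version: 2
updates:
  # Ruby gems for a Jekyll-based Pages site (assumes a Gemfile at the repo root)
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap open version-update PRs so the review queue stays manageable;
    # security-update PRs have their own separate limit and are not counted here.
    open-pull-requests-limit: 5
    # Bundle minor and patch bumps into a single PR to reduce review noise
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"

  # npm packages for the site's build tooling (assumes a package.json at the repo root)
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    ignore:
      # Hold back major-version bumps of a build tool until they are planned.
      # "example-build-tool" is a placeholder name, not a real dependency.
      - dependency-name: "example-build-tool"
        update-types: ["version-update:semver-major"]
```

Dependabot reads this file from the repository's default branch. Note that it only governs version updates (the routine "bump X from a to b" pull requests); security updates, which respond to advisories against a dependency already in the manifest, are enabled separately in the repository's security settings and still open pull requests even when a dependency is listed under `ignore` for routine bumps only by update type.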

GSA.gov

An official website of the U.S. General Services Administration