GitHub Community
Dependabot alerts show up for archived repositories #19607
Replies: 1 comment 3 replies
-
|
Hey, was the Dependabot Alert raised prior to archiving the project? Perhaps they are treated like other issues and pull requests and must be individually dismissed before archiving. |
Beta Was this translation helpful? Give feedback.
-
|
No, the alert was recent and the repo was archived long ago. |
Beta Was this translation helpful? Give feedback.
-
|
Unfortunately I'm not so sure then. From my understanding Dependabot Security Alerts are not raised against archived projects. This seems like a bug or is it occurring on multiple repositories or now stopped? |
Beta Was this translation helpful? Give feedback.
-
|
This specific vulnerability lists two of my archived repositories. It hasn't stopped. |
Beta Was this translation helpful? Give feedback.
-
When I go to the Dependabot Alerts page for a recent vulnerability in Grunt and filter by my user, it shows up archived repositories in addition to the regular ones. The URL for me is:
https://github.com/advisories/GHSA-m5pj-vjjf-4m3h/dependabot?query=user:mgol
How to stop it from happening?
I even unarchived the repisitory, disabled dependabot security alerts in settings and archived it again but nothing changed.
Beta Was this translation helpful? Give feedback.
All reactions