If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.| GitHub Docs
GitHub automatically runs the jobs that generate Dependabot pull requests on GitHub Actions if you have GitHub Actions enabled for the repository. When Dependabot is enabled, these jobs will run by bypassing Actions policy checks and disablement at the repository or organization level.| GitHub Docs
Sometimes Dependabot is unable to raise a pull request to update your dependencies. You can review the error and unblock Dependabot.| GitHub Docs
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.| GitHub Docs
Dependency graph supports a variety of ecosystems.| GitHub Docs
If GitHub discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.| GitHub Docs
Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates.| GitHub Docs
GitHub sends Dependabot alerts when we detect that your repository uses a vulnerable dependency.| GitHub Docs
You can use the dependency graph to identify all your project's dependencies. The dependency graph supports a range of popular package ecosystems.| GitHub Docs