How to fix vulnerabilities automatically with Dependabot

GitHub shows how Dependabot can automatically detect vulnerable dependencies and open pull requests with fixed versions, so you can review, run tests, and merge the remediation with minimal manual work.

GitHub demonstrates how to remediate dependency vulnerabilities without writing code by using Dependabot.

What Dependabot does

Your workflow to apply the fix

  1. Review the Dependabot pull request changes.
  2. Run your tests to validate the update.
  3. Merge the pull request to apply the security fix.

How to enable it

Enable Dependabot from your repository settings.