About security update pull requests

This morning, I received a security alert from GitHub about one of my (indirect) dependencies.

The alert says that it is generating  a pull request, but the message is greyed out and no pull request was created.

I’m not sure what I’m supposed to do next. Just wait, assuming that dependabot will eventually do something? Or maybe that greyed out message means there was a problem, and that GitHub somehow failed to create a pull request? 

Hi @redwork321,

Thanks for being here! Did this ever resolve for you?

I tried several times to generate an automatic pull request from this alert, but it always failed after some time.

But independly of this alert, dependabot updated the dependency that used “serialize-javascript”; that incidently solved the problem as this alert was deleted.


What do you mean it automatically updated it?  It updated and saved without doing a pull request?  Neither is happening for me.