Dependabot alerting on file which not exists anymore

Hello everyone.
I’ve got an issue.

I’ve setup Dependabot on my repository a long time ago.
Since then my repository folder changed.
Now i’m continuing receiving Dependabot alerts about content of files, which not exists in my repository anymore (in all branches).
Like this one:
But package-lock.json is removed already =>

Is there any way to update or something like this Dependabot source \ settings?

If this is a wrong place to question - please, tell me where i can ask about this issue.
Thank you

Hi @bodynar :wave:

Thanks for bringing this up in the Community!

Do these alerts persist if you dismiss them?

Hello there, @ernest-phillips!


But im worried if there any error\mistake which can cause these alerts. If so - this topic can be considered as issue :slight_smile:

Can you list the exact steps to reproduce this?

According to my situation it could be:

  1. Make file in repository with errors, which dependabot can mark as issue
  2. Setup dependabot on this repository
  3. After first issue on file from p.1. occurs - dismiss alert and delete file
  4. Wait X time until next alert (not sure how long does it takes)

About p. 4 - for me dependabot created few alerts. See
I think it based on “GitHub Advisory Database” records updating

Latest sec update: GHSA-4fc4-chg7-h8gh -
It caused new alert:

Hi, those links to images don’t work. Can you attach the photo to the message using upload Screen Shot 2020-10-20 at 2.04.40 PM

ps. only 1 image at one message…