I faced the issue that dependabot alerts in github are referenced to non existent yarn.lock file. And seems the path specified there has never existed. Looks strange. Does anyone know if it is possible to set path to yarn.lock file explicitly to be sure that alerts are generated correctly? Thanks for help in advance!
I contacted GitHub support, they re-detected the manifest files for this repository and seems it helped (at least for now all the alerts disappeared).