I’m trying to setup notifications to chat for vulnerability alerts and generic dependabot PRs. I’m now subscribing to
repository_vulnerability_alert webhooks which allow me to create notifications for vulnerability alerts all fine.
For regular dependency updates I need to subscribe to
pull_request webhooks and notify on those, however, the vulnerability alerts also create PRs sometimes and I can’t see how they are different from the regular PRs.
How I can detect that a PR from dependabot is for a vulnerability alert or not so I can prevent double notifications?