After being away from GitHub for several months, I have returned today to find pull requests from dependabot in some of my repositories. I don’t recall these being a thing the last time I used GitHub, and I never wanted these. I have now disabled dependabot security updates at my account level, but that has no effect on the security updates that already exist. Closing the pull requests and deleting the branches simply closes them; it doesn’t get rid of them. I understand that pull requests cannot normally be deleted, but these are not first-class pull requests: they are automated pull requests generated by GitHub itself by default that I can opt-out of. Is there any way that I can just get rid of them outright? I don’t see why I should have to have these hanging around in my repositories forever.
I have no idea how to delete them, although, just wondering, but why wouldn’t you want them?
Perhaps I’ll re-enable them at a later date, but for now, GitHub having done things in my repositories in my absence without me asking it to is not helpful to me, and only really serves to make me feel anxious. Given that these are personal repositories that nobody knows or cares about anyway, I would rather I just addressed security updates as they arise, and there is absolutely no point in these repositories being littered with automatically-generated pull requests.
I feel like there’s also a certain dogmatic element to this where GitHub is assuming that I think everything is important. I appreciate that’s a strange thing to say about security updates, but like, I’m not especially concerned about a low severity vulnerability in the build script of my static site which doesn’t actually run any scripts itself. I can address that myself if I want to; I certainly don’t need GitHub throwing a pull request at me about it. Again, it only serves to make me feel anxious.
Ok. I am sorry though, I don’t know how to delete those, other than closing them.