How to resolve security warnings

GitHub has reported a security vulnerability in a dependency. I’ve deleted the dependency. GitHub still reports a security vulnerability in the dependency, which is already deleted.

How does one resolve a security vulnerability? Or, maybe the question is, how does GitHub check for security vulnerabilities? Does it check the ‘master’ branch? Or all branches? Is the set of checked branches configurable?

There is the “dismiss” option, but it seems to be for specifying a “will not fix” reason, rather than “it is fixed”.

Great questions.

You can resolve a security vulnerability by following the instructions in our help documentation. Once the fix (or any change) is merged into the default branch (whatever that branch is named in your repository), GitHub will schedule a new scan of your project’s dependencies. After this happens, the vulnerability alert should disappear. The set of branches checked is not configurable.

I hope that helps!

Just out of curiosity: can I check for vulnerabilities on my local host before pushing changes to the repository? Does a utility exist, or maybe some script, for doing this? Thanks.