github has reported a security vulnerability in a dependency. I’ve deleted the dependency. github still reports a security vulnerability in the dependency, which is already deleted.
How does one resolve a security vulnerability? Or, maybe the question is, how does github check for security vulnerabilities? Does it check the ‘master’ branch? Or all branches? Is the set of checked branches configurable?
There is the “dismiss” option, but it seems to be for specifying a “will not fix” reason, rather than “it is fixed”.