No Dependabot alert for CVE-2020-8184

I wondering why my repos haven’t gotten any Dependabot alerts (and automated security updates for CVE-2020-8184 found in rack: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c

Is it because the CVE isn’t in any of the sources GitHub uses? How is that possible when the issue even was found and fixed by GitHub Staff?

Also, dependabot-preview managed to pick up the security issue: https://github.com/Starkast/wikimum/pull/174

This is really confusing to me.

Hi dentarg,

I’ve just moved this question over to How to use Git and GitHub since I think you’re more likely to get the right :eyes: on it there.