Hello, I've enabled "dependabot-preview" for security fixes only on my private repo. However it detects only some vulnerable packages, compared to Security Alerts tab. Also, I can trigger the Automated security fixes (aka "dependabot") which creates PR for issues missed by the "dependabot-preview". Is it possible that dependabot-preview does not detect issues detected by Security Alerts (dependabot)? What is the recommened way to handle security audit? I would like to use the dependabot-preview because of the configuration options via config.yaml (PR customization), but it does not seems to be reliable. Thank you.
... View more