Improvement
Dependabot Alert API adds relevant update info to the schema
A new DependabotUpdate GraphQL object connects the relevant repository's Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot generated pull request or error.
query($repo_owner:String!, $repo_name:String!) {
repository(owner: $repo_owner, name: $repo_name) {
vulnerabilityAlerts(first: 1) {
nodes {
dependabotUpdate {
pullRequest {
number
title
}
}
}
}
}
}
query($repo_owner:String!, $repo_name:String!) {
repository(owner: $repo_owner, name: $repo_name) {
vulnerabilityAlerts(first: 1) {
nodes {
dependabotUpdate {
pullRequest {
number
title
}
}
}
}
}
}
{
"data": {
"repository": {
"vulnerabilityAlerts": {
"nodes": [
{
"dependabotUpdate": {
"pullRequest": {
"number": 4772,
"title": "build(deps): bump object-path from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"
}
}
}
]
}
}
}
}
{
"data": {
"repository": {
"vulnerabilityAlerts": {
"nodes": [
{
"dependabotUpdate": {
"pullRequest": {
"number": 4772,
"title": "build(deps): bump object-path from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"
}
}
}
]
}
}
}
}
In some cases, Dependabot fails to open a pull request. Previously, the error message that Dependabot generated was only visible in the Dependabot Alerts section of the Security tab.
Now, if Dependabot runs into an error when trying to open a pull request for a Dependabot alert, you can see the error in the API.
query($repo_owner:String!, $repo_name:String!) {
repository(owner: $repo_owner, name: $repo_name) {
vulnerabilityAlerts(first: 1) {
nodes {
dependabotUpdate {
pullRequest {
number
title
}
error {
title
body
errorType
}
}
}
}
}
}
query($repo_owner:String!, $repo_name:String!) {
repository(owner: $repo_owner, name: $repo_name) {
vulnerabilityAlerts(first: 1) {
nodes {
dependabotUpdate {
pullRequest {
number
title
}
error {
title
body
errorType
}
}
}
}
}
}
{
"data": {
"repository": {
"vulnerabilityAlerts": {
"nodes": [
{
"dependabotUpdate": {
"pullRequest": null,
"error": {
"title": "Dependabot cannot update braces to a non-vulnerable version",
"body": "The latest possible version of braces that can be installed is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
"errorType": "security_update_not_possible"
}
}
}
]
}
}
}
}
{
"data": {
"repository": {
"vulnerabilityAlerts": {
"nodes": [
{
"dependabotUpdate": {
"pullRequest": null,
"error": {
"title": "Dependabot cannot update braces to a non-vulnerable version",
"body": "The latest possible version of braces that can be installed is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
"errorType": "security_update_not_possible"
}
}
}
]
}
}
}
}
We want your feedback! Let us know how you are using DependabotUpdate and give us your feedback in this GitHub discussion.
See the full API documentation in our GraphQL docs.