If you use pnpm as your package manager and Dependabot for security alerts, be aware that once you move to pnpm v9, Dependabot stops flagging updates for dependencies with known vulnerabilities, because it does not support the v9 lockfile format. The alerts stop silently: nothing warns you that coverage has lapsed, so a project that looked clean under pnpm v8 keeps looking clean after the upgrade.
It’s a known issue internally at GitHub, but it caught us out after we upgraded from v8 to v9 … Read more: “Using pnpm & dependabot? Security alerts silently cease when you upgrade to v9”
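A way to make that lapse loud rather than silent, as an added example that is not code from the original post: a small CI guard that reads the `lockfileVersion` field at the top of `pnpm-lock.yaml` and fails when the lockfile is one Dependabot cannot parse. It assumes pnpm v8 writes `lockfileVersion: '6.0'` and pnpm v9 writes `lockfileVersion: '9.0'`, and, following the post, treats major version 9 and above as unsupported; the threshold and the sample lockfiles are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post or from pnpm/Dependabot.
# CI guard: fail when pnpm-lock.yaml declares a lockfileVersion that
# Dependabot does not parse, so the loss of security alerts is visible.
# Assumptions: pnpm v8 writes `lockfileVersion: '6.0'`, pnpm v9 writes
# `lockfileVersion: '9.0'`; per the post, v9 lockfiles are the unsupported
# ones, so major version 9 and above is treated as unreadable (hypothetical
# threshold: re-check it against GitHub's current Dependabot documentation).
set -u

# Print the lockfileVersion declared in the given pnpm-lock.yaml
# (quoted or unquoted), or nothing if the field is missing.
lockfile_version() {
  sed -n "s/^lockfileVersion:[[:space:]]*[\"']\{0,1\}\([0-9][0-9.]*\).*/\1/p" "$1" | head -n 1
}

# Return 0 if the lockfile is one Dependabot can read, 1 otherwise.
dependabot_readable() {
  v=$(lockfile_version "$1")
  [ -n "$v" ] || return 1          # no version field: treat as unreadable
  major=${v%%.*}                   # '9.0' -> 9, '6.0' -> 6
  [ "$major" -lt 9 ]
}

# Constructed sample lockfiles so the script runs stand-alone
# (these are not real project files).
SAMPLES=$(mktemp -d)
SAMPLE_V8="$SAMPLES/v8/pnpm-lock.yaml"
SAMPLE_V9="$SAMPLES/v9/pnpm-lock.yaml"
SAMPLE_NONE="$SAMPLES/none/pnpm-lock.yaml"
mkdir -p "$SAMPLES/v8" "$SAMPLES/v9" "$SAMPLES/none"
printf "lockfileVersion: '6.0'\n\nsettings:\n  autoInstallPeers: true\n" > "$SAMPLE_V8"
printf "lockfileVersion: '9.0'\n\nsettings:\n  autoInstallPeers: true\n" > "$SAMPLE_V9"
printf "settings:\n  autoInstallPeers: true\n" > "$SAMPLE_NONE"

# Demonstration run over the three samples; in a real pipeline replace this
# loop with:  dependabot_readable pnpm-lock.yaml || exit 1
for f in "$SAMPLE_V8" "$SAMPLE_V9" "$SAMPLE_NONE"; do
  if dependabot_readable "$f"; then
    echo "ok: $f (lockfileVersion $(lockfile_version "$f"))"
  else
    echo "WARNING: $f (lockfileVersion '$(lockfile_version "$f")'): Dependabot will not raise security alerts for this lockfile" >&2
  fi
done
```

The guard is deliberately strict about a missing `lockfileVersion` field as well, since a lockfile Dependabot cannot identify is no better than one it cannot parse; run it as an early step of the same workflow that would otherwise rely on Dependabot alerts.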