PR's raised by dependabot

[sushmita-m]

We have started to vendor our packages using my-precious, is there a plan to work on making dependabot PR's cater to these vendored packages?

[dhruvg20]

👋🏽 Browsing security vulnerabilities in the GitHub Advisory Database would help review all the dependencies.

We add vulnerabilities to the GitHub Advisory Database from the following sources:

• The National Vulnerability Database
• A combination of machine learning and human review to detect vulnerabilities in public commits on GitHub
• Security advisories reported on GitHub
• The npm Security advisories database

🙇🏽

[nmeans]

👋 Hi @sushmita-m! Dependabot supports vendored dependencies for the Bundler (Ruby) and Gomod ecosystems, but not currently for npm via my-precious. We don't have plans to add support for that right now, but I'll be sure and pass along the request to the Dependabot team.