Just a heads up that "Automated Security Fixes" have been disabled on the Wikimedia GitHub org. See [1]

The reason for this is that it generates pull requests on non canonical repositories (ie where Gerrit is the default development location) that require developers to close them.

If this is a feature you want on your repo generally, because you canonically develop on GitHub, you can re-enable these on your repo by clicking the "Security" tab, and then selecting "Automated Security Fixes" in the top right corner. See [2] for more info. If you do develop canonically in GitHub, please let us know at [3].

Note, this doesn't affect the security alerts related to outdated packages etc in a repo.

Thanks!

Sam

[1] https://phabricator.wikimedia.org/T237337 [2] https://help.github.com/en/github/managing-security-vulnerabilities/configur... [3] https://phabricator.wikimedia.org/T237470 [4] https://help.github.com/en/github/managing-security-vulnerabilities/viewing-...