Grey Baker

One fix for this would be #425

Interesting. I'm really keen to do some kind of resolvability check during Dependabot's Maven updates - it's the one things that's blocking me taking it out of beta.

Definitely supportive of PURL, but this repo is a data source, and one that we want contributors to be able to edit directly. (We have some formatting improvements to make...

Dependabot Script doesn't use the `.dependabot/config.yaml` file. You can tell it to target a specific branch by specifying that branch when setting up the `Source` though.

That should do it, yep. It'll be picked up by [this line](https://github.com/dependabot/dependabot-core/blob/master/common/lib/dependabot/pull_request_creator/gitlab.rb#L140) in Dependabot Core.

@mijuhan - is there anyone from your team we should talk to about having the data in this repo contribute to security alerts for Elixir (as/when they happen)?

It is! It helps that I work at @github now! :octocat: No promises on timeline, but we're aiming for the next six months.

This should help: [Elixir advisories are now included in the GitHub Advisory Database](https://github.blog/2022-06-27-github-advisory-database-now-supports-erlang-and-elixir-packages/). (Not full support for alerts yet, so I won't close this out. It should be relatively straightforward...

OK, with the above, I think it's time we archived this repo. All of the data from it is in the [GitHub advisory database](https://github.com/advisories?query=type%3Areviewed+ecosystem%3Aerlang) ([repo here](https://github.com/github/advisory-database)) and can be fetched...

Honestly, I'm not sure. Can you create a repo on github.com that reproduces?