Jurre

Results 199 comments of Jurre

> Wow! Can't wait! Also, is there a way for me to unignore a dependency, before I knew you could disable it I removed them all 😂 I think this...

I'm assuming this is only an alert you received, or did we attempt to update the JSON package to `10.0.0` in a pull request? The reason I'm asking is the...

This ruby version is a bit misleading, the script runs using the [Dockerfile](https://github.com/dependabot/dependabot-script/blob/608c7f1ffa12372e428c34aa9080e3ad029e7c22/Dockerfile#L1), which bundles whatever version dependabot-core is on, which happens to be 2.7.6 currently, and will be 3.1...

I've enabled yarn berry support on this repo, so if you comment with `@dependabot recreate` on this PR, it will run with that functionality enabled, however running locally I get...

> Do I understand correctly that the container that dependabot runs in does not have git lfs installed?

Yeah that's right

> How are you handling this for other repos?...

Yeah I can definitely understand the thought behind this, but it doesn't really play nice with our tooling at the moment. You could consider using [gitattributes](https://git-scm.com/docs/gitattributes) to hide the diffs...

> the only change that I know of that will affect Dependabot PRs is that, when dealing with lock files including the sorbet family of gems, the new version of...

It's something that we hope to investigate in the next couple of weeks, but I can't make any firm commitments on when it would land. We're very interested in supporting something...

This issue seems to be with Dependabot Alerts, which (admittedly confusingly) isn't powered by dependabot-core. Alerts have their own implementation of manifest detection and scanning. I know the team that...

I'm all for bumping the ruby version, @mattt's work on using ruby-install unblocks us, I think that's the main reason that we haven't done it yet, it should be a...