We've integrated Dependabot with GitHub's Security Alerts. Now, when you receive a security alert from GitHub, you can expect a PR from Dependabot soon after that fixes it.
Dependabot has automatically responded to security advisories since April, when we integrated with sources for Ruby, Rust and PHP vulnerability alerts. Since then we've also added a JS source and created an Elixir one.
Integrating with GitHub's Security Alerts gives us another great data source that is expanding fast and has a fantastic team behind it. We owe a huge debt of thanks to GitHub for making the data available - it's another significant contribution to the open source community from a company that already does so much.
Stay safe out there!