bdragon-org/dependabot-create-pull-requests-from-rules-2 Dependabot security updates: disabled Dependabot alerts: enabled Alert rules: Dismiss low-moderate alerts for npm dev dependencies Dismiss until patch then open PR for npm runtime dependencies Manifest files: packagejson package-lockjson dependency advisory severity affected patched rule expect PR? sails CVE-