GitHub sends security alerts when it detects vulnerabilities that affect your repository. Keeping all dependencies updated is good practice, but there are scenarios where you can't update the dependencies or simply want to omit them.
This guide shows how to disable security alerts on GitHub, so that you stop receiving the notifications and no longer have to decline the pull requests generated by automated security updates.
Note: you need admin access to the repository to disable the alerts.
A Note from GitHub:
When a new vulnerability is added to the GitHub Advisory Database, the platform identifies public repositories (and private repositories that have opted in to vulnerability detection) that use the affected version of the dependency, sends a security alert to repository maintainers, and generates an automated security update.
A simple way to check whether security alerts are enabled or disabled is to navigate to the Security tab of your repository, then click on the Alerts option (left menu).
- If security alerts are enabled and you need to disable them, go to your repository and click on the Settings tab (main menu)
If you don't see the option under the Settings tab, it means that you don't have admin access to the repository.
- Scroll down until you find the subsection Data services
- Here, uncheck the option Security alerts
- Wait until the green check is displayed after the label.
- Navigate to the Security tab and click on the Alerts option (left menu)
- You should now see a message saying that Security Alerts are disabled.
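
The same check and switch can be done through GitHub's REST API (the `vulnerability-alerts` endpoint of a repository). The script below is an added example, not part of the original guide; the owner and repository names are placeholders, the token is assumed to belong to a repository admin, and the `send` parameter is a hypothetical hook used only so the logic can be exercised without network access.

```python
import os
import urllib.error
import urllib.request

API = "https://api.github.com"

def http_send(method, url, token):
    """Send one request to the GitHub REST API and return the HTTP status code."""
    req = urllib.request.Request(url, method=method, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def alerts_state(owner, repo, token, send=http_send):
    """Return 'enabled' or 'disabled' for the repository's security alerts."""
    status = send("GET", f"{API}/repos/{owner}/{repo}/vulnerability-alerts", token)
    if status == 204:
        return "enabled"
    if status == 404:
        # GitHub also answers 404 when the token cannot see the repository at all
        return "disabled"
    raise PermissionError(f"unexpected HTTP {status} while checking alerts")

def disable_alerts(owner, repo, token, send=http_send):
    """Disable alerts if they are on, then re-check and return the final state."""
    if alerts_state(owner, repo, token, send) == "disabled":
        return "disabled"  # nothing to do, no write request is sent
    status = send("DELETE", f"{API}/repos/{owner}/{repo}/vulnerability-alerts", token)
    if status != 204:
        raise PermissionError(f"disable failed with HTTP {status}; admin access is required")
    return alerts_state(owner, repo, token, send)

if __name__ == "__main__":
    # Placeholder owner/repo; GITHUB_TOKEN is read from the environment
    print(disable_alerts("example-owner", "example-repo", os.environ["GITHUB_TOKEN"]))
```

To turn the alerts back on later, the same endpoint accepts a `PUT` request.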