ADependabot alertis only marked asresolvedwhen the related vulnerability is no longer present in your code — specifically after youmerge a pull requestthat updates the vulnerable dependency.
Simply viewing alerts or graphs doesnotaffect their status. Ignoring the alert by leaving the repo unchanged keeps the vulnerability active and unresolved.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit