When does Github fix pull requests get opened?
Snyk submits a pull request proactively when a fix is available for a vulnerability within one of your dependencies. This will either be a patch or an upgrade for the dependency.
Snyk will also open a fix pull request when there is a better way to fix an issue that wasn't available previously. For example, there may have been a patch available for a vulnerability in a dependency, but once there is an upgrade available we will open a fix pull request to prompt you to start using the upgrade instead.
If you do not want Snyk to open pull requests automatically, you can disable them by going to
- Click on settings
> Integrations. - Click Edit settings for the GitHub Integration.
- In the Automatic pull requests section, deselect the Enable automatic pull requests for all projects in this organisation setting
- Click Update settings.
You can also open a fix pull request at any point in time by clicking Open a fix PR from a project page. You can select which vulnerabilities are fixed before opening the pull request.