When does Github fix pull requests get opened?
Snyk submits a pull request proactively when a fix is available for a vulnerability within one of your dependencies. This will either be a patch or an upgrade for the dependency.
Snyk will also open a fix pull request when there is a better way to fix an issue that wasn't available previously. For example, there may have been a patch available for a vulnerability in a dependency, but once there is an upgrade available we will open a fix pull request to prompt you to start using the upgrade instead.
If you don't want Snyk to open pull requests automatically, you can disable them by going to
- Edit settings for the GitHub Integration
- Deselect the 'Enable automatic pull requests for all projects in this organisation' setting and click 'update settings'
You can also open a fix pull request at any point in time by clicking 'Open a fix PR' from a project page. You will be able to select which vulnerabilities are fixed before opening the pull request.