Snyk submits a pull request proactively when a fix is available for a vulnerability within one of your dependencies. This will either be a patch or an upgrade for the dependency.
Snyk will also open a fix pull request when there is a better way to fix an issue that wasn't available previously. For example, there may have been a patch available for a vulnerability in a dependency, but once there is an upgrade available we will open a fix pull request to prompt you to start using the upgrade instead.
If you don't want Snyk to open pull requests automatically, you can disable them by going to
You can also open a fix pull request at any point in time by clicking 'Open a fix PR' from a project page. You will be able to select which vulnerabilities are fixed before opening the pull request.