New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft GH-500 Exam - Topic 3 Question 10 Discussion

Actual exam question for Microsoft's GH-500 exam
Question #: 10
Topic #: 3
[All GH-500 Questions]

-- [Configure and Use Dependency Management]

You have enabled security updates for a repository. When does GitHub mark a Dependabot alert as resolved for that repository?

Show Suggested Answer Hide Answer
Suggested Answer: D

A Dependabot alert is marked as resolved only after the related pull request is merged into the repository. This indicates that the vulnerable dependency has been officially replaced with a secure version in the active codebase.

Simply generating a PR or passing checks does not change the alert status; merging is the key step.


by Deeanna at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium GH-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Brendan
17 days ago
A) When Dependabot creates a pull request to update dependencies. That's the whole point, right? The alert is resolved once the PR is opened.
upvoted 0 times
...
Arlette
22 days ago
B) When you dismiss the Dependabot alert. Why bother with all that pull request nonsense, just get rid of the alert and move on.
upvoted 0 times
...
Kenny
28 days ago
C) When the pull request checks are successful. Merging the PR is just the final step, the alert should be marked as resolved once the checks pass.
upvoted 0 times
...
Beatriz
1 month ago
D) When you merge a pull request that contains a security update. That's the only way to truly resolve the Dependabot alert.
upvoted 0 times
...
Francoise
1 month ago
I recall that merging is key for resolving alerts, so I would go with D, but I’m not 100% confident.
upvoted 0 times
...
Lavina
1 month ago
I practiced a similar question, and I feel like the pull request checks need to be successful first, so maybe C is the answer?
upvoted 0 times
...
Jesusita
2 months ago
I’m not entirely sure, but I remember something about dismissing alerts. Could it be B?
upvoted 0 times
...
Marjory
2 months ago
I think Dependabot marks the alert as resolved when you merge a pull request that contains a security update, so I’m leaning towards D.
upvoted 0 times
...
Chantell
2 months ago
I feel pretty confident about this one. The question is asking when GitHub marks the alert as resolved, and that happens when the pull request with the security update is merged. I'm going with D.
upvoted 0 times
...
Monte
2 months ago
Okay, let me think this through. I know Dependabot creates a pull request to update dependencies, so that's not the answer. And dismissing the alert doesn't actually fix the issue. I'm leaning towards D, but I want to double-check the details.
upvoted 0 times
...
Lauran
2 months ago
Hmm, I'm not sure about this one. I'll need to review the Dependabot documentation again to make sure I understand when the alerts get resolved.
upvoted 0 times
...
Tom
2 months ago
I think the answer is D. When you merge a pull request that contains a security update, that's when GitHub marks the Dependabot alert as resolved.
upvoted 0 times
...

Save Cancel