Is Dependabot actively maintained? I thought they announced a freeze on new features a while back, and their uv support never worked properly and has serious known security problems:
> There's an issue where security alerts for uv projects are not working correctly. Specifically, the uv.lock file is not being updated when security alerts are triggered.
— https://github.com/dependabot/dependabot-core/issues/10478#i...
Yeah, pretty sure it's abandonware.
I was expecting it to be replaced once they announced they were integrating Endor Labs into their GitHub Advanced Security enterprise offerings but all the news I've heard since that announcement has been focused on merging into Microsoft & AI-related layoffs so I presume someone just forgot to turn the Dependabot light off as they were leaving.
It seems like there's recently been a lot of work to better align Dependabot with the rest of GitHub Advanced Security. I've just started seeing Dependabot alerts showing up in the Security Tab instead of directly to PRs, moving the "make a PR" to a button inside the alert, but also more buttons now to ignore the alert. The alert is also better about showing the root dependency that brought in the alerted dependency. Overall, this seems an improvement over spamming PRs that I may not care about, though yes the PRs when you do click the "Create PR" button are just as anemic and specific to the low-level dependency as they always were, for now. I'm surprised there's not yet a "Start Copilot PR" version of that same button, but I'm guessing that's also what they've been working on over other features to the existing PR tool.