Comment by WorldMaker

It seems like there's recently been a lot of work to better align Dependabot with the rest of GitHub Advanced Security. I've just started seeing Dependabot alerts showing up in the Security Tab instead of directly to PRs, moving the "make a PR" to a button inside the alert, but also more buttons now to ignore the alert. The alert is also better about showing the root dependency that brought in the alerted dependency. Overall, this seems an improvement over spamming PRs that I may not care about, though yes the PRs when you do click the "Create PR" button are just as anemic and specific to the low-level dependency as they always were, for now. I'm surprised there's not yet a "Start Copilot PR" version of that same button, but I'm guessing that's also what they've been working on over other features to the existing PR tool.