Use Dependabot with vigilant mode

[Realiserad]

Select Topic Area

Question

Body

I have vigilant mode enabled on my account and all my commits show up as "Verified". Great!

However, when I accept a PR from Dependabot, the commit shows up as "Unverified". I checked the commit and it looks like its signed by GitHub. Shouldn't that count as verified, or do I need to change some setting on my project?

Thanks!

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬