From ce3d134ba7f1c52a6766eae74fa4e0ff4e0fc331 Mon Sep 17 00:00:00 2001
From: mc <42146119+mchammer01@users.noreply.github.com>
Date: Fri, 15 Mar 2024 21:26:25 +0000
Subject: [PATCH] Dependabot security updates will reference private registries even if a target-branch is specified - [GA] (#49494)

Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>
---
 ...he-configuration-of-private-registries-for-dependabot.md | 3 +++
 .../dependabot-updates-reference-private-registries.yml | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100644 data/features/dependabot-updates-reference-private-registries.yml

diff --git a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
index 64936371b7..6bc4ae8f2e 100644
--- a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
+++ b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
@@ -576,10 +576,13 @@ If you use the `replace-base` setting, you should also configure a remote reposi
 You can use a virtual registry to group together all private and public dependencies under a single domain. For more information, see [npm Registry](https://jfrog.com/help/r/jfrog-artifactory-documentation/npm-registry) in the JFrog Artifactory documentation.
+{% ifversion dependabot-updates-reference-private-registries %}{% else %}
+
 #### Limitations and workarounds
 The `target branch` setting does not work with {% data variables.product.prodname_dependabot_security_updates %} on Artifactory. If you get a 401 authentication error, you need to remove the `target-branch` property from your `dependabot.yml` file. For more information, see [ARTIFACTORY: Why GitHub Dependabot security updates are failing with 401 Authentication error, when it initiates a connection with Artifactory npm private registry for security updates](https://jfrog.com/help/r/artifactory-why-github-dependabot-security-updates-are-failing-with-401-authentication-error-when-it-initiates-a-connection-with-artifactory-npm-private-registry-for-security-updates/issue-description) in the JFrog Artifactory documentation.
+{% endif %}
 ### Azure Artifacts
diff --git a/data/features/dependabot-updates-reference-private-registries.yml b/data/features/dependabot-updates-reference-private-registries.yml
new file mode 100644
index 0000000000..098623cbd5
--- /dev/null
+++ b/data/features/dependabot-updates-reference-private-registries.yml
@@ -0,0 +1,6 @@
+# Reference: #13873
+# Dependabot security updates will reference private registries even if a target-branch is specified - [GA]
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '> 3.12'
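Review bot: The two comment lines at the top of the new `data/features/dependabot-updates-reference-private-registries.yml` repeat the change title but do not say what the flag gates. Its only use in this patch is the negated form `{% ifversion dependabot-updates-reference-private-registries %}{% else %}`, so the flag hides the Artifactory "Limitations and workarounds" section rather than showing anything. I would add a line such as `# Versions where the Artifactory target-branch 401 limitation no longer applies; used to hide that section.` It is also worth confirming that `ghes: '> 3.12'` matches the first GHES release that ships the behaviour. If the range is wider than that, readers on the affected releases lose the only pointer to the `target-branch` workaround for failing security updates.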