Dependabot security updates will reference private registries even if a target-branch is specified - [GA] (#49494)

Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>
2026-01-07 09:01:31 -05:00 · 2024-03-15 21:26:25 +00:00
parent 3346b3e3cf
commit ce3d134ba7
2 changed files with 9 additions and 0 deletions
--- a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
+++ b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
@@ -576,10 +576,13 @@ If you use the `replace-base` setting, you should also configure a remote reposi

 You can use a virtual registry to group together all private and public dependencies under a single domain. For more information, see [npm Registry](https://jfrog.com/help/r/jfrog-artifactory-documentation/npm-registry) in the JFrog Artifactory documentation.

+{% ifversion dependabot-updates-reference-private-registries %}{% else %}
+
 #### Limitations and workarounds

 The `target branch` setting does not work with {% data variables.product.prodname_dependabot_security_updates %}
 on Artifactory. If you get a 401 authentication error, you need to remove the `target-branch` property from your `dependabot.yml` file. For more information, see [ARTIFACTORY: Why GitHub Dependabot security updates are failing with 401 Authentication error, when it initiates a connection with Artifactory npm private registry for security updates](https://jfrog.com/help/r/artifactory-why-github-dependabot-security-updates-are-failing-with-401-authentication-error-when-it-initiates-a-connection-with-artifactory-npm-private-registry-for-security-updates/issue-description) in the JFrog Artifactory documentation.
+{% endif %}

 ### Azure Artifacts