diff --git a/data/reusables/dependabot/default-dependencies-allow-ignore.md b/data/reusables/dependabot/default-dependencies-allow-ignore.md index a229a6340d..46368bacd4 100644 --- a/data/reusables/dependabot/default-dependencies-allow-ignore.md +++ b/data/reusables/dependabot/default-dependencies-allow-ignore.md @@ -1 +1 @@ -By default all dependencies that are explicitly defined in a manifest or lock file are kept up to date. You can use `allow` and `ignore` to customize which dependencies to maintain with version updates. {% data variables.product.prodname_dependabot %} checks for all allowed dependencies and then filters out any ignored dependencies or versions. So a dependency that is matched by both an `allow` and an `ignore` will be ignored. +By default all dependencies that are explicitly defined in a manifest are kept up to date by {% data variables.product.prodname_dependabot %} version updates. In addition, {% data variables.product.prodname_dependabot %} security updates also update vulnerable dependencies that are defined in lock files. You can use `allow` and `ignore` to customize which dependencies to maintain. {% data variables.product.prodname_dependabot %} checks for all allowed dependencies and then filters out any ignored dependencies or versions. So a dependency that is matched by both an `allow` and an `ignore` will be ignored.
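Review bot: The added line no longer says which update type `allow` and `ignore` apply to. The removed line ended that sentence with "to maintain with version updates", while the new one stops at "to maintain" right after a sentence that introduces security updates for lock-file dependencies. A reader cannot tell whether an `ignore` entry also suppresses a security update for a vulnerable dependency, which is the case they most need to get right. Suggest stating the scope explicitly in that sentence, for version updates only or for both. Two smaller points on the same line: "In addition, ... also update" is redundant, so drop "also"; and the first sentence now limits version updates to dependencies "explicitly defined in a manifest" where it previously read "manifest or lock file", so confirm the narrowing is intended for every place this reusable is included.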