Dependabot alerts can give you a superpower–the ability to secure your project by keeping dependency-based vulnerabilities out of your code. However, while all potential vulnerabilities can be an issue and warrant attention, not all vulnerabilities pose equal risk to your project.
Full article