diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md index e97299cc047a..854d068e81aa 100644 --- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md +++ b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md @@ -233,7 +233,7 @@ By default, a group will include all types of dependencies. ### `patterns` and `exclude-patterns` (`groups`) -Both options support using `*` as a wild card to define matches with dependency names. +Both options support using `*` as a wild card to define matches with dependency names. If a dependency matches both a pattern and an exclude-pattern, then it is excluded from the group. ### `update-types` (`groups`) diff --git a/data/reusables/dependabot/private-dependencies-note.md b/data/reusables/dependabot/private-dependencies-note.md index bbe8c194ca62..00562456f472 100644 --- a/data/reusables/dependabot/private-dependencies-note.md +++ b/data/reusables/dependabot/private-dependencies-note.md @@ -1 +1 @@ -When running security or version updates, some ecosystems must be able to resolve all dependencies from their source to verify that updates have been successful. If your manifest or lock files contain any private dependencies, {% data variables.product.prodname_dependabot %} must be able to access the location at which those dependencies are hosted. Organization owners can grant {% data variables.product.prodname_dependabot %} access to private repositories containing dependencies for a project within the same organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies)." You can configure access to private registries in a repository's `dependabot.yml` configuration file. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#configuration-options-for-private-registries)." +When running security or version updates, some ecosystems must be able to resolve all dependencies from their source to verify that updates have been successful. If your manifest or lock files contain any private dependencies, {% data variables.product.prodname_dependabot %} must be able to access the location at which those dependencies are hosted. Organization owners can grant {% data variables.product.prodname_dependabot %} access to private repositories containing dependencies for a project within the same organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies). You can configure access to private registries in a repository's `dependabot.yml` configuration file. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot).