See comment in the GitHub action that explains why I think this is helpful:

> the benefit of this over dependabot is that this also analyzes transitive dependencies
> while dependabot (at least currently) only analyzes top-level dependencies