{% data variables.product.prodname_dependabot %} will only create {% data variables.product.prodname_dependabot_alerts %} for vulnerable {% data variables.product.prodname_actions %} that use semantic versioning. You will not receive alerts for a vulnerable action that uses SHA versioning. If you use {% data variables.product.prodname_actions %} with SHA versioning, we recommend enabling {% data variables.product.prodname_dependabot_version_updates %} for your repository or organization to keep the actions you use updated to the latest versions.