ci(fix-security-vulnerability): Be specific about how to fetch the alert page (#19414)

nicohrubec · web-flow · commit dbf8476d7d8d · 2026-02-19T14:59:24.000+01:00
Closes #19415 (added automatically)
diff --git a/.github/workflows/fix-security-vulnerability.yml b/.github/workflows/fix-security-vulnerability.yml
@@ -36,6 +36,11 @@ jobs:
 
             IMPORTANT: Do NOT dismiss any alerts. Do NOT wait for approval.
 
+            IMPORTANT: To fetch the alert, use EXACTLY this command format (replacing <number> with the alert number):
+              gh api repos/getsentry/sentry-javascript/dependabot/alerts/<number>
+            Do NOT use --paginate, query parameters, GraphQL, curl, or any other approach.
+            Your allowed tools are narrowly scoped - only the exact command patterns listed will be permitted.
+
             If you can fix the vulnerability:
               Create a branch named fix/security-<alert-number>, apply the fix, and open a PR with your analysis
               in the PR description. Target the develop branch.
