About automatic pull requests
Veracode Software Composition Analysis (SCA) agent-based scanning supports automatically generating pull requests of GitHub and GitLab repositories to fix vulnerabilities identified in agent scans.
Using the information the update advisor identifies, the automatic pull requests modify package dependency files and update the libraries to the next closest safe version.
If the recommended safe version is a major version, and you do not want to update your application, Veracode recommends that you ignore the pull request.