NuGet feed URL https://nuget.pkg.github.com breaks Dependabot, should org-scoped URL be documented? #43529
Description
Code of Conduct
- I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
Defining registry access for code scanning default setup
What changes are you suggesting?
The documentation states that https://nuget.pkg.github.com/ should be used as NuGet feed URL for Dependabot.
However, this base URL causes HTTP 405 errors when Dependabot attempts to resolve packages, resulting in partial updates, only projects that don't reference private packages get updated, while others are silently skipped.
When the URL is changed to the org-scoped format https://nuget.pkg.github.com/{org}/index.json, Dependabot resolves packages correctly and all projects are updated as expected.
Should the documentation recommend the org-scoped URL instead?
Additional information
Reproduced on internal repositories using GitHub Packages as a private NuGet registry within a GitHub organization.
proxy | GET https://nuget.pkg.github.com:443/FindPackagesById()?id='Intility.Logging.AspNetCore'&semVerLevel=2.0.0
proxy | 405 https://nuget.pkg.github.com:443/FindPackagesById()...
proxy | error unmarshalling xml response (https://nuget.pkg.github.com/): XML syntax error on line 27: attribute name without = in element