Get a diff of the dependencies between commits should explain why it doesn't work for public forks of repositories without dependency graphs enabled

[jsoref]

Code of Conduct

• I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/rest/dependency-graph/dependency-review?apiVersion=2022-11-28

What part(s) of the article would you like to see updated?

https://docs.github.com/en/rest/dependency-graph/dependency-review?apiVersion=2022-11-28#get-a-diff-of-the-dependencies-between-commits--status-codes

Status code	Description
403	Response if GitHub Advanced Security is not enabled for this repository

Here's a public repository using the api:

$ gh api /repos/check-spelling/check-spelling/dependency-graph/compare/HEAD...HEAD~
[]

(I presume that's a 200)

Here's a public fork of the above repository:

$ gh api /repos/check-spelling-sandbox/check-spelling/dependency-graph/compare/HEAD...HEAD~
{
  "message": "Forbidden",
  "documentation_url": "https://docs.github.com/rest",
  "status": "403"
}
gh: Forbidden (HTTP 403)

The docs say that this only happens when Advanced Security is not enabled. Conceptually, Advanced Security is only required for private repositories.

Additional information

Related to:

• REST API endpoints for dependency submission doesn't explain how to enable dependencies #36123

As with that item, the help needs to suggest enabling the feature...

[github-actions]

Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀

[subatoi]

Many thanks @jsoref—I'll get this triaged and reviewed appropriately