Update to 3 in STEP and README.md

.github/steps/-step.txt

@@ -1 +1 @@
-2
+3

README.md

@@ -13,52 +13,24 @@ _Secure your supply chain, understand dependencies in your environment, know abo
 
 </header>
 
-## Step 2: Enable and view Dependabot alerts
+## Step 3: Enable and trigger Dependabot security updates
 
-_Nice work! :tada: You added and viewed a dependency using Dependency graph!_
+_Nice work enabling, viewing, and creating Dependabot alerts :sparkles:_
 
-Given how many dependencies our repository uses, maintaining them needs to become an automated task. Keeping our code secure is a top priority, so the first thing we need to do is set up a way to be notified when a dependency we are using is vulnerable or malware. We can do this by enabling Dependabot alerts.
+Enabling Dependabot alerts on our repository was a great step toward improving our code security, but we still had to manually select an alert and then manually select the option to create the pull request. It would be nice to further improve the automation and maintenance of our dependencies! Well, with Dependabot security updates, we can do just that.
 
-**What are Dependabot alerts?**: Dependabot alerts tell you that your code depends on a package that is insecure. These Dependabot alerts reference the [GitHub Advisory Database](https://github.com/advisories), which contains a list of known security vulnerabilities and malware, grouped in two categories: **GitHub reviewed advisories** and **unreviewed advisories**.
+**What are Dependabot security updates?**: When this feature is enabled, Dependabot detects *and* fixes vulnerable dependencies for you by opening pull requests automatically to resolve Dependabot alerts.
 
-If your code depends on a package that has a security vulnerability, this can cause a range of problems for your project or the people who use it. You should upgrade to a secure version of the package as soon as possible. If your code uses malware, you need to replace the package with a secure alternative.
+We manually created a pull request to fix the "Prototype Pollution in minimist" alert, but let's enable Dependabot security updates to automate this process for future alerts!
 
-Let's try this out with our newly added `follow-redirects` dependency!
+### :keyboard: Activity 3.1: Enable and trigger Dependabot security updates
 
-### :keyboard: Activity 2.1: View security advisories in the GitHub Advisory Database
+1. Navigate to the **Settings** tab and select **Code security and analysis**.
+1. Enable Dependabot security updates. You may need to wait 30-60 seconds before you see any new pull requests.
+1. Navigate to the **Pull requests** repository tab and select the newly created pull request that updates axios from version 0.21.1 to a patched version.
+1. Review and merge the pull request.
 
-1. Navigate to [GitHub Advisory Database](https://github.com/advisories).
-1. Type or paste `follow-redirects` into the advisory search box.
-1. Click on any of the advisories that were found to see more information.
-1. You'll see the packages, impact, patches, workaround, and references for the advisory.
-
-Notice the long list of advisories for our dependency! This can look scary but it's actually a good thing. It means that our dependency is actively being maintained and patches are being pushed to remove the vulnerability. If we had Dependabot alerts enabled, we could receive alerts when we need to update a dependency and act promptly to secure them.
-
-Let's enable Dependabot alerts on our repository!
-
-### :keyboard: Activity 2.2: Enable Dependabot alerts
-
-1. Navigate to the **Settings** tab.
-1. Display the settings for **Code security and analysis**.
-1. **Enable** Dependabot alerts.
-1. **Wait about 60 seconds for Dependabot to check for alerts.**
-1. Navigate to the **Security** tab.
-1. Under "Vulnerability alerts" in the side bar, select **Dependabot** to view a list of the Dependabot alerts for the default branch.
-
-Dependabot has alerted us to vulnerabilities in the dependencies that we use. We can also use Dependabot to help us address these vulnerabilities by creating pull requests to update the dependency to a safe version.
-
-Let's see how this would work by using Dependabot to create a pull request for one of the alerts!
-
-### :keyboard: Activity 2.3: Create a pull request based on a Dependabot alert
-
-1. In the list of Dependabot alerts, click the "Prototype Pollution in minimist" to display more information.
-1. Click the **Create Dependabot security update** button to create a pull request to update the dependency. This could take up to 2 minutes.
-1. When the pull request is open, the alert page is updated to show a **Review security update** button.
-1. Click the **Review security update** button to display the pull request.
-   - You can view the pull request and **Files changed** tab to review the update.
-1. Navigate back to the **Conversation** tab and merge the pull request.
-
-Wait about 20 seconds then refresh this page (the one you're following instructions from). [GitHub Actions](https://docs.github.com/en/actions) will automatically update to display the next step.
+Wait about 20 seconds then refresh this page (the one you're following instructions from). [GitHub Actions](https://docs.github.com/en/actions) will automatically update this page to display the next step.
 
 <footer>