Merge pull request #128 from githubtraining/notice-alerts

Puts in right spot - Notice alerts

Author: brianamarie

responses/01a_class-introduction-issue.md

@@ -16,14 +16,6 @@ In this course you will learn how to:
 
 For this course, you'll need to be comfortable with the GitHub Flow. If you need a refresher on the GitHub flow, check out the [the Introduction to GitHub course]({{ host}}/courses/introduction-to-github).
 
-### Vulnerability alerts
-
-You may have already noticed some alerts from GitHub about this repository. You may have gotten an email, or seen a yellow bar warning you about the `package.json` file.
-
-![dependency vulnerability alert](https://user-images.githubusercontent.com/9906718/46882979-c275b680-ce50-11e8-9f47-2081daf20b98.png)
-
-We will be addressing these alerts throughout this course, so it's okay to ignore them for now.
-
 ## Step 1: Your project on GitHub Pages
 
 This project is centered around a memory game that will be deployed with GitHub Pages.

responses/02_find-vulnerabilities.md

@@ -11,6 +11,11 @@ This repository is a Node.js project utilizing NPM. Because of that, the `packag
 How can we know these dependencies are secure? It's not always easy, but GitHub is watching out.
 
 ### GitHub's security alerts for vulnerable dependencies
+
+You may notice some alerts from GitHub about this repository. You may get an email, or see a yellow bar warning you about the `package.json` file.
+
+![dependency vulnerability alert](https://user-images.githubusercontent.com/9906718/46882979-c275b680-ce50-11e8-9f47-2081daf20b98.png)
+
 GitHub tracks public vulnerabilities in Ruby gems, NPM, Python, Java, and .Net packages.
 
 GitHub receives a notification of a newly-announced vulnerability. Next, we check for repositories that use the affected version of that dependency. We send security alerts to a set of people within those affected repositories. The owners are contacted by default. But, it's possible to configure specific teams or individuals to get these important notifications.