
Unlocking security updates for transitive dependencies with npm
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
As of yesterday we've updated our SSL setup on the systems that serve traffic for GitHub. The changes introduce support for Forward Secrecy and Authenticated Encryption Ciphers. So what is…
As of yesterday we’ve updated our SSL setup on the systems that serve traffic for GitHub. The changes introduce support for Forward Secrecy and Authenticated Encryption Ciphers.
So what is Forward Secrecy? The EFF provides a good explanation of what it is and why it is important. Authenticated Encryption means that we provide ciphers that are much less vulnerable to attacks. These are already supported in Chrome.
Also check SSL Labs if you want to know more details of the setup we’ve deployed.
Since this article was published, we’ve also written a more extensive post on what we’ve done.