
Assign a GitHub team to review Dependabot pull requests

You can now assign Dependabot-created pull requests to a team for review. Use the "@dependabot use these reviewers" command in any Dependabot pull request, or configure the default reviewer to be a team using the "reviewers" option in the new Dependabot config file.
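
A team set as the default reviewer through the "reviewers" option could look like the following. This is an added example, not taken from the original post; the organization, team, user and ecosystem values are placeholders.

```yaml
# .github/dependabot.yml (constructed example; all names below are placeholders)
version: 2
updates:
  - package-ecosystem: "npm"        # assumption: an npm project at the repository root
    directory: "/"
    schedule:
      interval: "weekly"
    # Default reviewers requested on every pull request Dependabot opens
    # for this entry. A team is written as "<org>/<team-slug>".
    # Reviewers need at least read access to the repository.
    reviewers:
      - "example-org/appsec-team"   # placeholder team
      - "example-user"              # placeholder individual reviewer
```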

Learn more about GitHub-native Dependabot on the GitHub blog

We are changing the way commits are ordered in the pull request timeline and commits view. Commits are currently ordered by author date, which can cause commits to appear out of order in some scenarios, like after rebasing. With this change, commits are ordered according to their chronological order in the head branch, which is consistent with the ordering in Git.

This ordering is also reflected in the "List commits on a pull request" REST API and in the PullRequest object's timeline connection in GraphQL.

Learn more about pull requests


You can now enable or disable the dependency graph, Dependabot alerts, Dependabot security updates, and secret scanning for all repositories in an organization with one click. You can also set whether each feature will be enabled or disabled for newly-created repositories. Look for the "Security & analysis" tab in your organization settings page and on your user settings page.

In addition, we've consolidated the repository-level settings for dependency graph, Dependabot alerts, Dependabot security updates, and secret scanning to a "Security & analysis" tab in the repository settings page.

Learn more in the docs
