Dependabot: `go mod tidy` and `vendor` support

Dependabot version updates now run the go mod tidy command during every update, which helps keep your go.mod file well-organized and free of stale module versions.

If your repository vendors its dependencies with go mod vendor, Dependabot now respects that configuration during version updates. No changes to the configuration file are required.

We changed the GitHub Actions self-hosted runner group default access to disable "Allow public repositories." This change impacts runner groups created before Sep 4, 2020 and changes those runner groups to a more secure default.

GitHub does not recommend the use of self-hosted runners with public repositories. If you are aware of the risks, and you choose to run workflows on your public repositories, you can update your runner group access to “Allow public repositories.”

Learn more about managing access to self-hosted runners.

See more

You can now change the maximum retention days for artifacts and logs in GitHub Actions, allowing you to better manage your storage space and to comply with your organizational retention policies.

With custom retention days, you can delete artifacts and logs sooner than the existing default of 90 days. Optionally, for private, internal and GitHub Enterprise repositories, you can retain artifacts and logs for over a year.

Retention days can be defined in the Actions Settings or in the YAML at an enterprise, organization, repository, or an individual artifact level.

Here’s an example of changing retention days in Actions Settings and in the YAML:

- uses: actions/upload-artifact
  with:
    name: my-artifact
    path: ./my_path
    retention-days: 30

Learn more about custom artifacts and log retention days and visit the GitHub Actions community forum for questions.

See more