
Private repository secret scanning API

GitHub Advanced Security customers can now view and resolve private repository secret scanning results via the GitHub REST API. In addition, a webhook is available whenever a new committed secret is detected. The new API endpoints and webhooks will be in beta until early next year.


Dependabot already updates your public dependencies, such as open source dependencies from a public GitHub repository, npm, Maven Central, or similar. Now, you can also update dependencies from private GitHub repositories. This feature is available for most package managers supported by Dependabot version updates, except bundler, hex, and pip.

To get started, grant Dependabot access to some or all of your private repositories on your organization's security & analysis settings page: https://github.com/organizations/YOUR-ORGANIZATION/settings/security_analysis.

Learn more about Dependabot version updates


READMEs for npm packages on npmjs.com are now rendered using GitHub Flavored Markdown.

npmjs.com was using a custom markdown renderer not fully compatible with GitHub Flavored Markdown. This difference meant a README displayed on npmjs.com did not necessarily match the README displayed on GitHub. Aligning to use the GitHub Flavored Markdown renderer ensures that your README is rendered the same on both sites.

All newly published packages are now rendered with GitHub Flavored Markdown; packages previously published to npmjs.com will be re-rendered over time.
