Skip to content

Dependabot: `npm` v7 support

Dependabot version updates now support npm v7.

Note that npm v7 uses the new lockfile format ("lockfileVersion": 2). Dependabot will now respect this new format if you have installed with npm v7.

To enable version updates for npm, check in a dependabot.yml file with the specified package-ecosystem.

Pull request auto-merge is now generally available

Pull request auto-merge is now generally available on GitHub and through GitHub Mobile.

With auto-merge, pull requests can be set to merge automatically when all merge requirements are met. No more waiting on slow CI jobs or tests to finish just so you can click the merge button!

To use auto-merge, first have an administrator allow auto-merge in the repository settings.

Then to enable auto-merge, navigate to the pull request on GitHub.com or GitHub Mobile and tap the button to enable.

PR auto-merge in action

Note that auto-merge can only be enabled by users with permission to merge and when there are unsatisfied merge requirements, like missing approvals or failing required status checks.

GraphQL APIs will be rolling out later this week. The pull request webhook event also now includes actions that indicate when auto-merge is enabled or disabled.

Learn more about pull request auto-merge

See more

Audit Log Git events and REST API are now in public beta

In December 2020 we announced a limited beta of the new Audit Log Git events and REST API. We have now enabled these features in beta for all GitHub Enterprise Cloud customers. Your enterprise and organization administrators can now call the REST API and view Git events without needing to request access to the beta.

To get started, check out our Audit Log REST API documentation. Note, Git events can only be viewed via the REST API or the Git events export button.

See more
View all changes