Dependabot version updates now support
npm v7 uses the new lockfile format ("lockfileVersion": 2). Dependabot will now respect this new format if you have installed with
When you create a Security Advisory to disclose a vulnerability in your repository, in addition to severity, you can now include the CWE and the CVSS score of the vulnerability.
Security Advisories published by maintainers, as well as other curated vulnerabilities in GitHub's Advisory Database, now appear with CWE and CVSS information.
CWEs provide a consistent way of referring to software weaknesses, and CVSS scores provide more detail on why a vulnerability is a given severity.
To see CWE and CVSS information for an advisory, click on the advisory in the Advisory Database.