Skip to content

GitHub Marketplace – Verified apps are moving to the validated-publisher model

In February, we announced a simplified listing process for apps on the marketplace.
All "verified apps" on the marketplace are now updated to the validated publisher model. The listings have moved from the green-verified-checkmark verified badge to the marketplace badge indicating the publishers, and not apps, are scrutinized.
Existing subscriptions of the apps are not impacted.

image

Learn more

Dependency review now supports filtering and commit diffs

Dependency review, in beta, helps you review dependency changes in your pull requests. But how do you find your package manifests amongst all the other files? Now you can filter the files in pull requests to see just the package manifests:

Screenshot of pull request manifest filter

What if you don’t have a pull request at all? Now you can review dependency changes between any two commits, such as:

  • During the creation of a pull request,
  • When comparing two branches, tags, or specific commits, and
  • When viewing the history of a package manifest.

GIF of dependency review on commit diff

Learn more about reviewing dependency changes in pull requests.

See more

Grouped Dependabot alert notifications

We now group multiple Dependabot alerts together if they're discovered at the same time. This significantly reduces the volume of Dependabot alert notifications that users receive.

A user with admin permissions to a repository or who has been granted access to a repository's Dependabot alerts will receive a notification regarding Dependabot alerts when:

  • Dependabot is first enabled on a repository.
  • Vulnerable dependencies are added to a repository.
  • A new vulnerability is discovered and added to GitHub's Advisory Database. This will send a notification including all repositories in an organization.

The new notification format is automatically enabled for repositories where you receive Dependabot alert notifications. These apply to email, web, and mobile notifications.

Learn more about configuring your Dependabot alert notifications

See more
View all changes