We now group multiple Dependabot alerts together if they're discovered at the same time. This significantly reduces the volume of Dependabot alert notifications that users receive.

A user with admin permissions to a repository or who has been granted access to a repository's Dependabot alerts will receive a notification regarding Dependabot alerts when:

  • Dependabot is first enabled on a repository.
  • Vulnerable dependencies are added to a repository.
  • A new vulnerability is discovered and added to GitHub's Advisory Database. This will send a notification including all repositories in an organization.

The new notification format is automatically enabled for repositories where you receive Dependabot alert notifications. These apply to email, web, and mobile notifications.

Learn more about configuring your Dependabot alert notifications