Skip to content

Dependabot Preview is shutting down

As announced in April, Dependabot Preview is shutting down today, as it has been replaced by GitHub-native Dependabot.

To keep getting pull requests that update your packages, upgrade to GitHub-native Dependabot by merging the “Upgrade to GitHub-native Dependabot” pull request in your repository. This pull request, as well as any pull requests from the Dependabot Preview bot will remain open, but the bot itself will no longer work on your GitHub accounts and organizations.

If you have any questions or need help migrating, please contact GitHub Support.

Learn more about Dependabot in our documentation, or visit our public roadmap to see what’s next for Dependabot.

GitHub App user-to-server REST API requests now have read access to public resources

API requests made by a GitHub App on behalf of a user that has authorized the app are known as user-to-server requests.

The resources that can be accessed by these requests are constrained to the set of private resources that both the App and the authorizing user can access.

GitHub is now extending this access model, allowing user-to-server requests to also read public resources over the REST API. This includes, for example, the ability to list a public repository's issues and pull requests, and to access a public repository's comments and content.

Read more about authorizing GitHub Apps.

See more
View all changes