As previously announced, the npm registry now requires TLS 1.2 or higher for all requests, including package installation.
Dependency review is generally available
Dependency review is now generally available for all public repositories and for private repositories with GitHub Advanced Security enabled. Dependency review helps you understand dependency changes and the security impact of these changes when reviewing pull requests. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request and shows:
- Which dependencies were added, removed, or updated, along with the release dates.
- How many projects use these dependencies.
- Vulnerabilities being introduced by the added or updated dependencies.
Learn more about dependency review
Learn more about GitHub Advanced Security
Reusable workflows are now available in public beta: you can reuse entire workflows as if they were an action. Instead of copying and pasting workflow definitions across repositories, you can now reference an existing workflow with a single line of configuration.
Reusing workflows is great for reducing configuration. Here are a few examples:
- Create a workflow for building your homegrown framework so your users can quickly set up CI
- Create a workflow to deploy to production, and reference it from each repository of your microservice application
- Create a workflow to roll up end-of-sprint metrics, and encourage every team to add it to their repository
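The production-deploy case above, sketched as an added example (not taken from the original announcement). The organization, repository, file, input and secret names are hypothetical, and `<FULL_COMMIT_SHA>` is a placeholder for a commit you have reviewed. The caller pins the shared workflow to a commit SHA and passes only the one secret the deployment needs.

```yaml
# --- Called workflow (hypothetical location):
#     example-org/shared-workflows/.github/workflows/deploy.yml
name: Shared production deploy
on:
  workflow_call:            # makes this workflow callable from other workflows
    inputs:
      environment:
        required: true
        type: string
    secrets:
      deploy_token:         # declared here so callers must pass it explicitly
        required: true
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy
        # Inputs and secrets are handed to the shell through env rather than
        # interpolated into the script text.
        env:
          TARGET_ENV: ${{ inputs.environment }}
          DEPLOY_TOKEN: ${{ secrets.deploy_token }}
        run: echo "Deploying to $TARGET_ENV"   # stand-in for the real deploy step
---
# --- Caller workflow in each microservice repository (hypothetical):
#     .github/workflows/release.yml
name: Release
on:
  push:
    branches: [main]
jobs:
  deploy:
    # The single line that references the shared workflow. Pinning to a full
    # commit SHA instead of a branch means a later change to the shared
    # workflow cannot alter this deployment until the pin is updated.
    uses: example-org/shared-workflows/.github/workflows/deploy.yml@<FULL_COMMIT_SHA>
    with:
      environment: production
    secrets:
      deploy_token: ${{ secrets.DEPLOY_TOKEN }}
```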
Learn more about reusing workflows.
For questions, visit the GitHub Actions community.
To see what's next for Actions, visit our public roadmap.