Dependency graph now supports detecting Python dependencies in repositories that use the Poetry package manager. Dependencies will be detected from both pyproject.toml
and poetry.lock manifest files. We will detect dependencies from existing manifest files over the next few weeks, or sooner if the manifest file is updated.
If you are posting or editing a draft repository Security Advisory and the vulnerability impacts multiple packages and/or ecosystems, you can now identify all applicable affected products in the advisory.
In the past, users needed to publish multiple advisories for the same vulnerability because they could only select one ecosystem and package per advisory.
GitHub is where developers come to learn and celebrate what’s new in open source, and where maintainers share, collaborate and celebrate their community’s work. Starting today, two improvements to the release process on GitHub are generally available:
Learn more about auto-generated release notes.