Dependabot alerts: persisted after fix, now one per advisory

Today, we’re shipping improvements to Dependabot alerts that help you more easily understand and remediate vulnerabilities from dependencies in your codebase.

Persisted Dependabot alerts

Developers can now view alerts that have been fixed in the Dependabot alerts UI.

Included changes:

  • Starting today, fixed Dependabot alerts will now persist and continue to appear under the “closed” tab in the UI
  • All individual alerts now have unique numeric identifiers.

Ungrouped alerts

Previously, Dependabot alerts displayed multiple security advisories grouped by package. Dependabot alerts will now represent a single advisory, rather than being grouped by package.

Included changes:

  • Alerts are now displayed individually (one per advisory and manifest)
  • Previous alert details pages will redirect to a filtered list view by the package name
  • Alert titles will now be more useful to developers and show information about the advisory, rather than just the package name.

This update will not affect Dependabot alert email digests or notifications, Dependabot pull requests, or the GraphQL API.

Learn more about the improvements we’re making to Dependabot alerts in our latest blog post, or read our documentation.

A light high contrast theme, with greater contrast between foreground and background elements, is now generally available to all github.com users. Navigate to the "Appearance" page in your profile settings to choose the light high contrast theme.

A VS Code light high contrast theme matching the official github.com theme is also now generally available. To start using the new theme, go to the VS Marketplace, click on the "Install" button, and select your preferred theme in VS Code.

Share feedback

appearance settings with new light high contrast theme

See more