Today, we’re shipping improvements to Dependabot alerts that help you more easily understand and remediate vulnerabilities from dependencies in your codebase.
Persisted Dependabot alerts
Developers can now view alerts that have been fixed in the Dependabot alerts UI.
Included changes:
- Starting today, fixed Dependabot alerts will now persist and continue to appear under the “closed” tab in the UI
- All individual alerts now have unique numeric identifiers.
Ungrouped alerts
Previously, Dependabot alerts displayed multiple security advisories grouped by package. Dependabot alerts will now represent a single advisory, rather than being grouped by package.
Included changes:
- Alerts are now displayed individually (one per advisory and manifest)
- Previous alert details pages will redirect to a filtered list view by the package name
- Alert titles will now be more useful to developers and show information about the advisory, rather than just the package name.
This update will not affect Dependabot alert email digests or notifications, Dependabot pull requests, or the GraphQL API.
Learn more about the improvements we’re making to Dependabot alerts in our latest blog post, or read our documentation.
