Dependabot keeps `@types` dependencies in sync with updated packages

Dependabot will now update @types dependencies alongside their corresponding packages in TypeScript projects.

Before this change, users would see separate pull requests for a package and its corresponding @types package. This could lead to packages and type definitions getting out of sync with one another, and require manual intervention. For example, if a project had dependencies on both jquery and @types/jquery, and a vulnerability triggered Dependabot to update jquery from 3.4.1 to 3.5.0, the package @types/jquery would remain at its original 3.4.x version.

Now, Dependabot can help TypeScript users keep their dependencies and @types packages up-to-date and in sync. When triggered to create an update, Dependabot will check if that package has a corresponding @types package. If so, Dependabot will update both the package and the corresponding @types package in a single PR. Or, if the @types package is no longer needed, that dependency will be removed instead.

The feature is automatically enabled on repositories containing @types packages in the project's devDependencies as listed in package.json. You can disable this behavior by setting the ignore field in your dependabot.yml file to @types/*. Let us know what you think in this feedback discussion.

Codespaces: Default Image Improvements

When you work in a codespace, the environment you are working in is created using a development container, hosted on a virtual machine. If you don’t define a configuration in your repository, GitHub creates a codespace using a default Linux image. This Linux image includes common languages and runtimes such as Python, Node.js, JavaScript, TypeScript etc. to help you get started with an environment that you can further customize or use as is based on your team’s needs.

‘Zero-configuration’ getting started experience for machine learning users

With this update, we’ve released a new version of the default image that enables a seamless getting started experience for machine learning scenarios:

  • The default image now has Jupyter pre-installed by default so that you can immediately run jupyter notebook or jupyter lab from the terminal to get started with your data science project.
  • The default image also has the following commonly used machine learning specific Python libraries pre-installed by default:
    • For numeric computing: numpy, pandas, scipy
    • For data visualizations: matplotlib, seaborn
    • For model building: scikit-learn, tensorflow, keras, torch
    • For data fetching: requests
  • Lastly, you can include any additional project-dependent Python packages in the requirements.txt file, and those will be automatically installed at a user scope when you create your codespace.

Additional updates

  • Alongside these improvements, the default image has been updated with the following tools to optimize for speed and costs associated with default codespaces. We’ve also updated the major version of the image to 2 since the removal of these toolsets introduces breaking changes. While some of the tools are not included by default anymore, you can always add these by creating your own devcontainer configuration.
    Tools added:
    • Node 14
    • Node 16
    • Python 3.9
    • Python 3.10
    • Conda 4.12
    • Java 11
    • Maven 3.8
    • Ruby 3.0
    • Ruby 3.1
    • PHP 8.0
    • PHP 8.1
    • PHP Composer 2.3
    • Hugo 0.96
    Tools removed:
    • Node 12
    • Python 3.8
    • Conda 4.8
    • .NET 5.0
    • Ruby 2.7
    • PHP 7.2
    • PHP 7.3
    • PHP Composer 2.0
    • Hugo 0.90
    • Maven 3.6
    • PowerShell
    • Az CLI
    • Rust
  • Lastly, as a part of this update, for tools that have LTS support (e.g. node, python), the default image will include the latest two LTS releases going forward.

To learn more, check out the latest Codespaces default image configuration.

See more

Enhanced 2FA experience for npm accounts: public beta

A variety of improvements to the npm 2FA experience are now in public beta, including:

  • Support for registering multiple second factors, such as security keys, biometric devices, and authentication applications
  • A new 2FA configuration menu to manage keys and recovery codes
  • Full CLI support for login and publish capabilities with physical security keys and biometric devices in npm 6 and higher
  • Ability to view and regenerate recovery codes

To learn more about configuring 2FA, see Configuring two-factor authentication.
To learn more about 2FA in general, see About two-factor authentication.
For questions and comments, open a discussion in our feedback repository.

See more
View all changes