Changelog summarized on user dashboards

The main github.com landing page for logged in users now includes a summary of the most recent posts from our Changelog – keeping you up to date with the latest features and improvements.

Screenshot showing a logged in users github.com page with the Changelog feed appearing in the right sidebar

The GitHub Enterprise Server 3.5 Release Candidate is available. New GitHub Advanced Security features are an exciting headline for this release alongside enhancements for enterprise administrators with Git events added to the audit log, the ability to analyze your Server usage over time, and a refinement of maintenance mode control. Read about these features and more in the full GitHub Enterprise Server 3.5 release notes.

Release Candidates are a way for you to try the latest features at the earliest time, and they help us gather feedback early to ensure the release works in your environment. They should be tested on non-production environments.

Download it today.

See more

Dependabot will now update @types dependencies alongside their corresponding packages in TypeScript projects.

Before this change, users would see separate pull requests for a package and its corresponding @types package. This could lead to packages and type definitions getting out of sync with one another, and require manual intervention. For example, if a project had dependencies on both jquery and @types/jquery, and a vulnerability triggered Dependabot to update jquery from 3.4.1 to 3.5.0, the package @types/jquery would remain at its original 3.4.x version.

Now, Dependabot can help TypeScript users keep their dependencies and @types packages up-to-date and in sync. When triggered to create an update, Dependabot will check if that package has a corresponding @types package. If so, Dependabot will update both the package and the corresponding @types package in a single PR. Or, if the @types package is no longer needed, that dependency will be removed instead.

The feature is automatically enabled on repositories containing @types packages in the project's devDependencies as listed in package.json. You can disable this behavior by setting the ignore field in your dependabot.yml file to @types/*. Let us know what you think in this feedback discussion.

See more