The dependency graph now supports detecting Rust (Cargo.toml and Cargo.lock) files. These will be displayed in the dependency graph section of the Insights tab. Users will receive Dependabot alerts and updates for vulnerabilities associated with their Rust dependencies. Package metadata, including mapping packages to repositories, will be added at a later date.
Improvements for community contributions
In February 2022, we launched a new feature called community contributions to security advisories.
We have made a handful of changes to the UX based on your feedback:
- Fixed the breadcrumb on unreviewed advisories to show more clearly that they are unreviewed.
- Hid the link to submit a community contribution when a contribution is not possible due to OSV constraints.
- Added an information icon clarifying that not all ecosystems are supported.
- Updated the auto-generated PR title to the format "[GHSA-####-####-####] Advisory Name" so it is clearer which advisory the PR is for.
- Fixed a bug that was adding unnecessary noise to the PR diff.
- Added functionality that automatically posts a confirming comment when a contribution is accepted.

- Learn more about the GitHub Advisory Database
- Learn more about GitHub community contributions