
Dependabot security updates removes unneeded transitive dependencies

When resolving security alerts for vulnerable transitive npm dependencies, it is possible that updating a direct dependency will remove the vulnerable transitive dependency from the tree. Dependabot can now resolve these security alerts by creating a pull request that removes the unnecessary transitive dependency.
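The case described above, as an added illustration that is not GitHub's or Dependabot's code: it uses constructed dependency graphs (package names, versions, and the advisory are made up) and checks whether a vulnerable transitive dependency is still reachable after a direct dependency is updated.

```javascript
// Constructed dependency graphs; package names and versions are made up.
// Shape (an assumption of this sketch): name -> { version, deps: [names] }.
const before = {
  root: { version: "1.0.0", deps: ["web-framework", "logger"] },
  "web-framework": { version: "2.0.0", deps: ["body-parser-lite", "tiny-qs"] },
  "body-parser-lite": { version: "1.1.0", deps: ["tiny-qs"] },
  "tiny-qs": { version: "0.9.0", deps: [] }, // flagged by the advisory below
  logger: { version: "3.2.0", deps: [] },
};
// Same project after bumping the direct dependency web-framework.
const after = {
  root: { version: "1.0.0", deps: ["web-framework", "logger"] },
  "web-framework": { version: "2.1.0", deps: ["body-parser-lite"] },
  "body-parser-lite": { version: "1.2.0", deps: [] },
  logger: { version: "3.2.0", deps: [] },
};
// Constructed advisory: exact versions treated as vulnerable.
const advisories = [{ name: "tiny-qs", vulnerable: ["0.9.0"] }];

// Walk the graph from the root project and return name -> version for
// every package that is pulled in through at least one dependency path.
function reachable(graph, root = "root") {
  const seen = new Map();
  const queue = [root];
  while (queue.length > 0) {
    const name = queue.shift();
    const node = graph[name];
    if (!node || seen.has(name)) continue; // missing entry or already visited
    seen.set(name, node.version);
    queue.push(...node.deps);
  }
  seen.delete(root);
  return seen;
}

// Classify each advisory by reachability, not by mere presence in the
// graph, so a stale unreferenced entry does not count as installed.
function classify(beforeGraph, afterGraph, advisoryList) {
  const was = reachable(beforeGraph);
  const now = reachable(afterGraph);
  return advisoryList.map(({ name, vulnerable }) => {
    let status = "updated";
    if (!vulnerable.includes(was.get(name))) status = "not-affected";
    else if (!now.has(name)) status = "removed";
    else if (vulnerable.includes(now.get(name))) status = "still-vulnerable";
    return { name, status };
  });
}
console.log(classify(before, after, advisories));
```

A result of `still-vulnerable` means another dependency path still pulls in the flagged version, so updating that one direct dependency does not resolve the alert.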

You can now display your local timezone on your profile to give others an idea of when to expect responses to pull requests or issues from you. You can opt into this feature by navigating to Settings > Public Profile and checking Display current local time. You can also update this information directly from your profile by clicking 'Edit Profile' under your avatar.

This will display your timezone in the left sidebar of your profile as well as your timezone's current deviation from UTC. When other users see your profile or user hovercard, they'll see your timezone as well as how many hours behind or ahead they are from your local time.

Learn more about personalizing your profile.


You can now programmatically view and act on Dependabot alerts via the REST API. New endpoints to view, list, and update Dependabot alerts are available in a public beta.

For more information, see Dependabot alerts in the REST API reference or learn more about Dependabot alerts in our documentation.
