When resolving security alerts for vulnerable transitive npm dependencies, it is possible that updating a direct dependency will remove the vulnerable transitive dependency from the tree. Dependabot can now resolve these security alerts by creating a pull request that removes the unnecessary transitive dependency.
Improvements to audit log search
We've made some improvements to audit log search to make it easier to discover events. Since audit log events are found through key:value pairs, we now show you a list of possible options to choose from.
We've also linked to our documentation in the filter dropdown so that you can more easily discover all the possible options for audit log queries.
To learn more about how to query the audit log, check out our documentation, "About search for the enterprise audit log".
You can now display your local timezone on your profile to give others an idea of when to expect responses to pull requests or issues from you. You can opt into this feature by navigating to Settings > Public Profile and checking Display current local time. You can also update this information directly from your profile by clicking 'Edit Profile' under your avatar.
This will display your timezone in the left sidebar of your profile as well as your timezone's current deviation from UTC. When other users see your profile or user hovercard, they'll see your timezone as well as how many hours behind or ahead they are from your local time.
