Dependabot alerts: page refresh after PR generation, suggest improvements to an advisory, and more!

We’ve been responding to your feedback – here’s a recap of some changes recently made to Dependabot alerts.

  • Dependabot Alerts details pages now auto-magically refresh after PR generation attempts are completed, rather than spinning forever
  • Alerts are more accurately mapped to Dependabot pull requests
  • Labels in the Dependabot Alerts row page now act as filters
  • You can now suggest improvements to an advisory directly from the alert details page (shown below).

Suggest improvements from a Dependabot alert

Let us know of other improvements you’d like to see in our GitHub community discussion page.

GitHub Advanced Security customers can now view a timeline of actions taken on a secret scanning alert, including when a contributor bypassed the push protection on a secret. Users can also now add an optional comment when closing an alert via the UI or the API.

secret-scanning-timeline-comment-on-close

For more information:

See more

In February 2022, we launched a new feature called community contributions to security advisories. We've continued to iterate on this feature, and recently released more improvements:

  • You're now prompted to add a reason for the change, so your contribution can be reviewed more quickly.
  • You can now submit a contributions without reference links getting reordered in the diff.
  • You can now click through to relevant docs from the advisories page.
  • You can overall enjoy a cleaner UX experience through a handful of other small fixes.

Further reading:

See more