Dependabot security updates now supports the GitHub Actions ecosystem, making it easier for you to fix vulnerable GitHub Actions dependencies. With security updates enabled, Dependabot will automatically raise a pull request to update vulnerable GitHub Actions used in your workflows to the minimum patched version.
Dependabot expands its existing Hex private registry support beyond Hex organizations by adding support for self-hosted Hex repositories. You can configure your self-hosted Hex package repository as a private registry for use with Dependabot version updates. Special thanks to @sorentwo for their contribution to Dependabot!
Learn more about configuring Dependabot version updates and its supported ecosystems and package managers.
You can now enable and disable the following GitHub security features for a single repository from the organization-level security coverage view:
If you are a GitHub Advanced Security customer, you can also enable and disable the following features for a single repository:
In the future, you'll be able to enable and disable multiple repositories from the coverage view.
Learn more about the new coverage view and send us your feedback
Learn more about GitHub Advanced Security