Personalize your feed with activity filters, now available on GitHub Mobile!
Read more about GitHub Mobile and send us your feedback to help us improve.
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages
Dependabot security updates now supports the Pub ecosystem, making it easier for you to fix vulnerable dependencies in your Dart or Flutter apps. With security updates enabled, Dependabot will automatically raise a pull request to update vulnerable Pub dependencies to the latest patched version.
GitHub's audit log allows organization and enterprise admins to quickly review the actions performed by members of their organization or enterprise. For Dependabot alerts, the audit log includes actions such as repository enablement, creation or reintroduction of alerts, dismissal of alerts, and resolving of alerts.
The audit log now supports the following improvements:
- Dismissal comments, if provided with a Dependabot alert, are now displayed in the audit log
- The audit log API for Dependabot alerts now supports several new fields:
alert_number,ghsa_id,dismiss_reason, anddismiss_comment. - Additional minor improvements, including links back to the alert and correct timestamps added to events.
This release is available for organization and enterprise admins (including GHES 3.7 and later).
For more information, view documentation on Dependabot alerts in the GitHub audit log.