Dependabot security updates now supports the Pub ecosystem, making it easier for you to fix vulnerable dependencies in your Dart or Flutter apps. With security updates enabled, Dependabot will automatically raise a pull request to update vulnerable Pub dependencies to the latest patched version.
We've recently released a few minor user experience improvements for our GitHub Security Advisory form:
- You're no longer required to fill out as many fields in the form before submitting it, so you can publish faster.
- You now fill out title/description first in the form.
- You can now access the CVSS Calculator as a top-level attribute, rather than it being the bottom of a dropdown menu.