Dependabot updates support reusable workflows for GitHub Actions

March 13, 2023

If you use versioned reusable workflows in GitHub Actions, you can now use Dependabot version updates to keep those workflows up-to-date in your repositories! This is useful for anyone using reusable workflows and pinning references to them from the caller workflow, either by commit SHA or by tag.

Changes to the code search API

March 10, 2023

We are preparing to bring powerful new code search capabilities to GitHub. As part of that effort, on April 10, 2023, we will make several changes to the code search API:

Code search rate limits will be separated from the rate limits for other search types. The separate code search category will have a rate limit of 10 requests per minute.
We are deprecating support for sorting code search results. Once these changes take effect, all code search results will be sorted by best match.
All code search API endpoints will require authentication. This change only affects repository scoped queries, because all other query types already require authentication.

To prepare for these changes, make sure your code handles rate limiting. And if you’re using code search to track changes or find security vulnerabilities in your codebase, consider using webhooks or GitHub Advanced Security.

These changes will take effect in 30 days, on April 10, 2023.

See more See more

Dependency graph and Dependabot support npm v9

March 10, 2023

Dependency graph and Dependabot now parse and update package-lock.json files set with lockfileVersion: 3, which is used by npm v9. Users will receive Dependabot alerts for dependencies with known vulnerabilities.

See more See more

View all changes

Dependabot updates support reusable workflows for GitHub Actions

Changes to the code search API

Dependency graph and Dependabot support npm v9

Subscribe to The GitHub Insider