Dependency graph and Dependabot now parse and update
package-lock.json files set with
lockfileVersion: 3, which is used by npm v9. Users will receive Dependabot alerts for dependencies with known vulnerabilities.
If you use versioned reusable workflows in GitHub Actions, you can now use Dependabot version updates to keep those workflows up-to-date in your repositories! This is useful for anyone using reusable workflows and pinning references to them from the caller workflow, either by commit SHA or by tag.