When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this release, if a PR has not been merged for 30 days, Dependabot will stop rebasing it and will include a note about this in the PR body. You will still be able to manually rebase and merge the pull request. We've heard your feedback about Dependabot noisiness and are making Dependabot quieter and more focused on repositories you care about. For enterprise customers, this improvement has the added benefit of enhanced efficiency with your self-hosted GitHub Actions runners. For Enterprise Server customers, this update will be available to you in GHES 3.10.
Deprecation: Importing non-Git repositories with GitHub Importer
GitHub Importer allows you to import repositories from other code hosting platforms to GitHub.com using a UI or REST API.
Today, GitHub Importer supports Git, Mercurial, Subversion and Team Foundation Version Control (TFVC) repositories.
From April 12, 2024, we will no longer support importing Mercurial, Subversion and Team Foundation Version Control (TFVC) repositories. We’re ending support for this functionality due to extremely low levels of usage.
Even without GitHub Importer, moving from these alternative version control systems to Git is simple thanks to fantastic open source tools – for more details, read our Docs article, “Using the command line to import source code”.
EDIT: The original end of support date in this post was October 17, 2023. We delayed this change in order to give customers more time to adapt.
You can now filter by repository topic or team on the enterprise-level Dependabot, code scanning, and secret scanning pages in security overview.
These improvements have shipped to GitHub.com and will be available in GitHub Enterprise Server 3.9.
Learn more security overview and send us your feedback
Learn more about GitHub Advanced Security