If you manage your Node.js dependencies with the pnpm package manager, you can now use Dependabot to keep those dependencies updated with automatic pull requests. You can easily configure this feature by adding or updating your dependabot.yml file in your repository. At this time, Dependabot will not open security alerts against pnpm dependencies.
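A minimal dependabot.yml for a pnpm project, as an added example that is not from the original announcement. pnpm is covered by the `npm` ecosystem value; the directory, schedule and pull request limit shown are assumptions to adjust for your repository.

```yaml
# .github/dependabot.yml
version: 2
updates:
  # pnpm has no ecosystem value of its own: it is handled under "npm",
  # and Dependabot recognises it from the pnpm-lock.yaml lockfile.
  - package-ecosystem: "npm"
    # Assumed: package.json and pnpm-lock.yaml live at the repository root.
    directory: "/"
    schedule:
      # Assumed cadence; "daily" and "monthly" are also valid.
      interval: "weekly"
    # Assumed cap on simultaneously open version-update pull requests.
    open-pull-requests-limit: 5
```

Because security alerts are not raised for pnpm dependencies at this time, this configuration only drives version update pull requests.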
GitHub Actions: You can now disable repo level self-hosted runners in an Enterprise and Organization
Enterprise administrators can now disable repository-level self-hosted runners across organizations and enterprise user namespaces.
Once this new setting has been enabled, users will no longer be able to register new self-hosted runners in a repository, and existing runners will not be able to receive new jobs.
Learn more about Disabling or limiting GitHub Actions for your organization
All eligible GitHub Enterprise accounts can now try GitHub Advanced Security for free for 14 days. GitHub Advanced Security provides integrated security with unparalleled access to curated security intelligence. This unlocks your ability to keep your code, supply chain, and secrets secure before pushing the code to production. During the trial, you can try features such as:
- Code scanning to help find and remediate security issues in your code
- Secret scanning to prevent and detect secret exposures across your organization
- Dependency review to catch vulnerable dependencies before introducing them to your environment
Explore our documentation to learn more about GitHub Advanced Security features and how to deploy them in your organization.
- Join the community discussion and leave us your feedback!