Skip to content

Skip scheduled Dependabot runs after 30 failures

Sometimes, due to misconfiguration or incompatible versions, Dependabot jobs for a repository will fail and Dependabot will continue to run and continue to fail. Now, after 30 failed runs, Dependabot will immediately fail subsequent scheduled jobs until you trigger a check for updates from the dependency graph or by updating a manifest file. Dependabot security update jobs will still trigger as usual.

You can now easily find all alerts associated with a specific language with the new language filter on the code scanning alerts page.

To show all the code scanning alerts for a language, type 'language:javascript' in the Filter alerts text box.

Language filter

You can also use a file path filter to see all the alerts located in specific files or directories to sort and manage them efficiently by focusing on a specific part of the code related to the project.
This can be useful to manage lots of alerts on big repositories (monorepos) to review all alerts specific to the part of the code you are responsible for faster.

To apply the file path filter, type 'path:' and the path to the file or directory in the Filter alerts text box.

Path filter

This has shipped to and will be available in GitHub Enterprise Server 3.10.

Learn more about filtering code scanning alerts.

See more

Starting today, you will now receive Dependabot alerts for vulnerabilities associated with your Swift dependencies.

The GitHub Advisory Database now includes curated Swift advisories. This brings the Advisory Database to twelve supported ecosystems, including: Composer (PHP), Erlang, GitHub Actions, Go, Maven, npm, NuGet, pip, Pub, RubyGems and Rust.

The dependency graph now supports detecting Package.resolved files. Swift dependencies from these files will be displayed within the dependency graph section in the Insights tab.

Dependabot security updates support will be added at a later date.

See more