Repository admins or members of the security manager role can now enable or disable private vulnerability reporting on respositories via REST API.
Learn more about private vulnerability reporting.
Deprecation – Dependabot updates drop support for Python 3.6 and 3.7
As of August 17, 2023, Dependabot updates no longer support Python 3.6 or 3.7, which have reached their end-of-life. If your code uses these versions, Dependabot will no longer be able to open pull requests in your repository and will log errors. Update to at least Python 3.8 to ensure your code is secure and Dependabot can still run.
This change impacts Dependabot pull requests only – you will continue to receive Dependabot alerts for dependencies with known vulnerabilities. To resolve the alert, you can upgrade the affected package yourself manually.
View the official release cycle for Python for more information on supported versions.
Users with secret scanning enabled on their free public repositories will now receive alerts for any potential secrets exposed in an issue’s title, description, or comments, including historical revisions. Alerts can be viewed within the UI or the REST API.
New issues are being scanned starting today and existing issues will be scanned over the coming weeks. You can expect all public repositories to be fully scanned by September 1, 2023.
- Learn how to secure your repositories with secret scanning
- Partner with GitHub on secret scanning
- Got feedback? Open a discussion in our code security community