Dependabot Grouped Security Updates Public Beta

Reduce pull request noise and fix multiple security alerts at once with Dependabot grouped security updates.

Starting today, you can enable grouped security updates for Dependabot at the repository or organization-level. When you click “Enable” for this feature, Dependabot will collect all available security updates in a repository and attempt to open one pull request with all of them, per ecosystem, across directories. There is no further configuration available at this time.

Known limitations

  • Dependabot will NOT group across ecosystem (e.g. it will not group pip updates and npm updates together)
  • Dependabot WILL group across directories (e.g. if you have multiple package.json’s in different directories in the same repository)
  • If you have version updates enabled as well, Dependabot will NOT group security updates with version updates
  • If you use grouping for version updates, your groups configuration in dependabot.yml will NOT apply to security updates

To enable this feature, go to your repository or organization settings page, then go to the Code security and analysis tab, and click “Enable” for grouped security updates (this also requires each affected repository to enable Dependency graph, Dependabot alerts, and Dependabot security updates). When you enable this feature, Dependabot will immediately attempt to create grouped security pull requests for any available security updates in your repository.

We’d love to hear your feedback as you try this feature! Join the discussion within GitHub Community.

We are rolling out a few minor updates to the user experience for GitHub repositories starting today, in order to be more responsive, performant and more easily accessed by a broader range of users.

Repository Overview:
Screenshot of repository overview page showing entering a letter to expand to go to file menu.

  • Go to file: Quickly get to the file you want from the top of every repository using our existing code search and navigation experience.
  • Special files: If you have Code of Conduct, License, or Security files in your repository, they are now shown in tabs alongside your README.

Branches:
Screenshot of branches page showing the overview tab for branches of GitHub Docs repos.

  • Status checks: At a glance, see the status checks’ details on any branch.
  • Stale Branches: The overview page for branches no longer defaults to showing stale branches to improve load times. You can still easily see stale branches by clicking the “Stale branches” tab.

Commits:
Screenshot of Commits page filtered by date and user.

  • Filters: New commits filters allow you to sort by users or limit results to specific date ranges.

These changes have been in a feature preview for the past few months and thanks to community insights, we’ve made several improvements that allowed us to now exit the preview, and bring these enhancements to everyone on GitHub. Join the conversation about this release in the community discussion.

See more

In October, we launched the beta of Repository Custom Properties, enabling you to attach key-value pairs to repositories in your organizations. Among many scenarios, one of the key components we had envisioned was the ability to filter your repository properties. Making it easier to find exactly the set of repositories you were looking for.

Starting today, you can enable a new list view for repositories. This update improves accessibility and performance and introduces a new filter bar supporting properties.

To enable select New organization repositories view option in the feature preview dialog.

PNG Custom Properties Feature Preview.

Learn more about managing custom properties for your organization and managing rulesets for your organization.

Head over to the community discussions to share your feedback.

See more