Dependabot support for pub private repositories and registries

If you use private hosted pub repositories or registries to manage your Dart dependencies, Dependabot can now automatically update those dependencies. By adding the details of the private repository or registry to dependabot.yml, Dependabot will be able to access and update these dependencies.

Secret scanning adds webhook support for validity checks

The secret_scanning_alert webhook is sent for activity related to secret scanning alerts. Secret scanning webhooks now support validity checks, so you can keep track of changes to validity status.

Changes to the secret_scanning_alert webhook:

  • A new validity property that is either active, inactive, or unknown depending on the most recent validity check.
  • A new action type, validated, which is triggered when a secret’s validity status changes.

Note: you must enable validity checks at the repository or organization level in order to opt in to the feature. This can be done from your secret scanning settings on the Code security and analysis settings page by selecting the option to “automatically verify if a secret is valid by sending it to the relevant partner.”

Learn more about which secret types are supported or the secret scanning webhook.

See more

Enhanced Codespaces Connection

We’re excited to announce an important upgrade to the Codespaces connection infrastructure. Our team has been working to enhance the security, reliability, and overall performance of both the main connection and port forwarding features.

What’s Changing

To support these enhancements, we require the addition of *.visualstudio.com to be allowlisted for your firewall rules. This is a crucial step to ensure a seamless and secure experience with Codespaces.

Release Plan

Today we are going to enable you to opt into this new connection system through the Feature Preview section on github.com. This feature flag will be an opt-in flag for two weeks to enable you to test these changes against your own firewalls.

In two weeks we will turn on these changes as a default. Users can opt out of using this new connection system for 30 days under the same feature flag. Customers who need more time will be able to request extra time through GitHub Support.

After 30 more days we will move everyone over to our new connection system.

Your Action Needed

Ensure that *.visualstudio.com is allowlisted under your firewall rules.

Enable the feature flag under github.com to test these changes out yourself, as well as to ensure these domains are added to your firewall rules promptly to maintain uninterrupted access and optimal functionality of Codespaces.

If you’re having any issues, read our firewall troubleshooting guide.

We appreciate your cooperation and understanding as we continue to improve your experience with Codespaces. If you have any questions or need assistance, our support team is here to help.

Thank you for being a valued member of the Codespaces community.

See more
View all changes