Dependabot security updates help you keep your dependencies secure by opening pull requests when a Dependabot alert is raised. With today’s release, you can now use flexible grouping options in dependabot.yml to control how Dependabot structures its security pull requests to make them more mergeable for you based on your context. Whether you’d like to simply update as many dependencies at once as possible (patterns: '*') or minimize the risk of breaking changes (dependency-type: development or update-types: "patch"), there are grouping options for you.
By specifying applies-to: security-updates in your group rule configuration, you can specify how you would like Dependabot to group your security updates. If you would like Dependabot to group together all possible updates for an ecosystem, you can instead use the UI located in your repository settings to do so. To learn more about this, check out our documentation here.
The available grouping options are:
patterns, which will match based on package namesdependency-type, which will group based on development or production dependencies, for ecosystems where this is supported, andupdate-types, which will group based on SemVer level updateSponsoring multiple projects for multiple months just got easier. You can set up sponsorships for your dependencies in a CSV, review and edit the recurring sponsorships, and checkout in one transaction.
Read the documentation for details or go to Sponsors Explore to get started. Let us know what you think.
We’ve enhanced Custom Organization Roles by adding fine-grained permissions for GitHub Actions. Now, with Enterprise Cloud plans, organization owners can assign members and teams specific permissions for managing various aspects of Actions, including:
These additional settings allow organization owners to delegate CI/CD automation management responsibilities to individuals or teams without granting access to any other organization owner privileges.
Please refer to our documentation for more detail about GitHub Actions fine grained permissions with Custom Organization Roles.