Skip to content

Group Configuration Options for Dependabot Security Updates – Public Beta

Dependabot security updates help you keep your dependencies secure by opening pull requests when a Dependabot alert is raised. With today’s release, you can now use flexible grouping options in dependabot.yml to control how Dependabot structures its security pull requests to make them more mergeable for you based on your context. Whether you’d like to simply update as many dependencies at once as possible (patterns: '*') or minimize the risk of breaking changes (dependency-type: development or update-types: "patch"), there are grouping options for you.

By specifying applies-to: security-updates in your group rule configuration, you can specify how you would like Dependabot to group your security updates. If you would like Dependabot to group together all possible updates for an ecosystem, you can instead use the UI located in your repository settings to do so. To learn more about this, check out our documentation here.

The available grouping options are:

  • patterns, which will match based on package names
  • dependency-type, which will group based on development or production dependencies, for ecosystems where this is supported, and
  • update-types, which will group based on SemVer level update

Learn more about grouping configuration options here.

We’ve enhanced Custom Organization Roles by adding fine-grained permissions for GitHub Actions. Now, with Enterprise Cloud plans, organization owners can assign members and teams specific permissions for managing various aspects of Actions, including:

  • Actions general settings
  • Organization runners and runner groups
  • Actions secrets
  • Actions variables

These additional settings allow organization owners to delegate CI/CD automation management responsibilities to individuals or teams without granting access to any other organization owner privileges.

Please refer to our documentation for more detail about GitHub Actions fine grained permissions with Custom Organization Roles.

See more