GitHub’s dependency graph now supports a wider range of package ecosystems, including transitive path information and the registered name of the ecosystem. This change increases the accuracy and usefulness of GitHub’s dependency insights, SBOMs, and API results.
The Package URL project provides a registry of software package ecosystems, with a standardized format for package type, namespace, version, and human-readable identifiers. With this release, graphs posted to the dependency submission API that include purl identifiers will now:
transitive and direct relationships, if they were submitted.DependencyGraphDependency object, in the field packageUrl. For searching and filtering, note that the top-level ecosystem type for all purl-identified packages is now other. These packages used to have the unknown type.
To begin using this feature, add a dependency submission action for a purl-supported package ecosystem you’re using in your repository. Then navigate to the repository’s Insights tab and select Dependency graph.
VMware ESXi 8.0 hypervisor support is now available for GitHub Enterprise Server (GHES) 3.16.0, 3.15.4, 3.14.9, 3.13.12, and later. Until now, GHES was supported on ESXi versions 5.5 to 7.0. However, ESXi 7.0 is reaching the end of general support by October 2025.
If your GHES installation is on VMware ESXi 7.x or an earlier version, you can now use the ESXi 8.0 hypervisor. For more information about installing GHES on VMware, see install on VMware.
Today we’re announcing recent fixes and enhancements to the improved pull request merge experience that became generally available earlier this month.
You can now choose to show the list of status checks as a single flat list or grouped by status. Click the settings gear and choose either “Group by status” (the default) or “No grouping“.
Some of the noteworthy fixes that have landed in the last few weeks:
Started 2s ago) now updates consistently.To ask questions or provide feedback, join the discussion within GitHub Community.