Back to changelog

Improvement

February 10, 2026 • 1 minute read

Track additional Dependabot configuration changes in audit logs

Two new event types are now available to track changes to Dependabot settings through your organization and enterprise audit logs.

Dependabot vulnerability updates toggle logs when someone enables or disables Dependabot vulnerability updates on a repository. Learn more in our dependabot_security_updates documentation.
Self-hosted runner configuration logs when someone enables or disables Dependabot on self-hosted runners. Learn more in our repository_dependency_updates_self_hosted documentation.

Each event captures the actor who made the change and when it occurred. You’ll find these events in your organization audit log or enterprise audit log. This new data allows you to:

Track configuration changes for compliance and auditing purposes.
Identify unauthorized modifications to security settings.
Perform forensic investigations when needed.

Join the discussion in the GitHub Community.

Feb.03 Improvement

Dependabot now supports OIDC authentication

supply chain security

Feb.03 Release

The Dependabot Proxy is now open source with an MIT license

ecosystem & accessibility

Jan.27 Retired

Changes to GitHub Dependabot pull request comment commands

supply chain security

Jan.20 Improvement

Strengthen your supply chain with code-to-cloud traceability and SLSA Build Level 3 security

actions

Jan.13 Release

New fine-grained permission for artifact metadata is now generally available

actions

Dec.19 Improvement

You can now require reviews before closing Dependabot alerts with delegated alert dismissal

supply chain security

Dec.16 Improvement

Conda ecosystem support for Dependabot version updates now generally available

supply chain security

Dec.16 Release

Dependabot version updates now support Julia

supply chain security

Dec.16 Release

Dependabot version updates now support Bazel

supply chain security