Dependabot alerts will now be easier to prioritize with a new “Most Important” sort. For the alerts repository list view, by default, alerts will be sorted in a way to help you determine which alerts matter most. You will still be able to access additional sort options, like sort by
Manifest path in the UI.
This “Most Important” sort considers CVSS score as the primary factor, along with additional factors across vulnerability impact (potential risk), relevancy, and actionability (how easy the vulnerability is to fix). For example, when supported, this sort calculation takes into consideration whether you’re calling a vulnerable function, as well as dependency scope (e.g. if an alert is a
devDependency). This calculation will be improved over time.
This functionality will not affect Dependabot pull requests, the org-level list view of Dependabot alerts, or the GraphQL API.
For more information, see our documentation for Dependabot alerts.