API users can now integrate with a new dependabot_alert webhook, which matches the naming and structure of the recently introduced Dependabot alerts REST API. You should use this webhook in place of the existing repository_vulnerability_alert.
Improvements with the new webhook include:
read permission.created, dismissed, reopened, fixed, or reintroduced. See below for descriptions:| Action | Action definition |
|---|---|
created |
github has opened the Dependabot alert |
dismissed |
GitHub user dismissed the alert with dismissed_reason and an optional dismissed_comment |
reopened |
GitHub user manually reopened the previously-dismissed alert |
fixed |
github detected the Dependabot alert is resolved |
reintroduced |
github reopened the previously-fixed alert |
The repository_vulnerability_alert webhook is being deprecated. In 2023, we plan to remove the existing repository_vulnerability_alert webhook, which is superseded by the dependabot_alert webhook. We will give integrators at least 3 months notice of this removal — keep an eye on the GitHub Changelog in 2023 for more information.
Learn more about the Dependabot alerts webhook in our documentation.
Dart developers will now receive Dependabot alerts for known vulnerabilities on their pubspec dependencies.
The dependency graph supports detecting pubspec.lock and pubspec.yaml files. Dependencies from these files will be displayed within the dependency graph section in the Insights tab.
The Advisory Database includes curated security advisories for vulnerabilities on pubspec packages.
Learn more about:
Today, we're releasing updates that will optimize prebuilding codespaces for your repositories. With these updates, as long as there is an active prebuild for a given repository, branch, and devcontainer combination, you will be able to spin up prebuilt codespaces for it, even if the latest prebuild workflow for that branch might be failing. This ensures fast codespace creation most of the times regardless of any breaking changes that may be adversely affecting the latest prebuild update.
Repository admins will have the option to disable this optimization if needed by going to their prebuild configuration page under advanced options.
For more information, see Configuring prebuilds for your repository.
If you have any feedback to help improve this experience, be sure to post it on our discussions forum.