Dependabot Grouped Security Updates GA #914

Closed
github-product-roadmap opened this issue Jan 31, 2024 · 2 comments
Labels
all Product SKU: All cloud Available on Cloud dependabot Feature: GitHub Dependabot ga Feature phase: Generally available GHES 3.14 GHES 3.14 server Available on Server shipped Shipped

Comments

Collaborator

github-product-roadmap commented Jan 31, 2024

Summary

With this feature, you will be able to configure how Dependabot groups multiple dependency updates related to Dependabot alerts into single pull requests.

Intended Outcome

This will reduce the number of Dependabot security PRs that get opened.

How will it work?

You will be able to either click a button in the repository settings page to tell Dependabot to group all security updates, or use dependabot.yml checked into the repository to configure which updates to include. You will be able to configure grouping rules based on:

  • Package name and patterns (e.g. eslint or *)
  • Dependency type (production or development)
  • Semver update (e.g. semver-patch, semver-major)
  • Directories
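
A sketch of what such grouping rules can look like in dependabot.yml, added here as an illustration and not part of the issue text. The key names (`groups`, `applies-to`, `patterns`, `dependency-type`, `update-types`, `directories`) follow the dependabot.yml syntax as documented for the released feature; the ecosystem, directory paths and group names are placeholders.

```yaml
# Added example: directory paths and group names are hypothetical.
version: 2
updates:
  - package-ecosystem: "npm"
    # Grouping by directory: updates from these paths are considered together.
    directories:
      - "/frontend"
      - "/services/api"
    schedule:
      interval: "weekly"
    groups:
      # Production fixes that stay within the current major version
      # are combined into a single security pull request.
      prod-security-fixes:
        applies-to: security-updates
        dependency-type: "production"
        patterns:
          - "*"
        update-types:
          - "patch"
          - "minor"
      # Security fixes for lint tooling are grouped separately so they
      # can be reviewed and merged on their own.
      dev-lint-security:
        applies-to: security-updates
        dependency-type: "development"
        patterns:
          - "eslint*"
```

A security update that matches no group, such as a production fix that needs a major version bump in this sketch, is still raised as its own pull request, which keeps the riskier upgrades visible for separate review.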
@github github locked and limited conversation to collaborators Jan 31, 2024
@github-product-roadmap github-product-roadmap added all Product SKU: All cloud Available on Cloud dependabot Feature: GitHub Dependabot ga Feature phase: Generally available GHES 3.13 GHES 3.13 server Available on Server labels Jan 31, 2024
@ankneis ankneis added GHES 3.14 GHES 3.14 and removed GHES 3.13 GHES 3.13 labels Mar 20, 2024
Collaborator

ankneis commented Apr 18, 2024

🚢 This has shipped: https://github.blog/changelog/2024-03-28-dependabot-grouped-security-updates-generally-available

Leaving open to track for GHES release.

@ankneis ankneis added the shipped Shipped label Apr 18, 2024
Collaborator

ankneis commented Sep 6, 2024

This shipped with GHES 3.14! https://docs.github.com/en/enterprise-server@3.14/admin/release-notes

@ankneis ankneis closed this as completed Sep 6, 2024