Dependabot Grouped Security Updates [Public Beta] #831
Labels
cloud
Available on Cloud
dependabot
Feature: GitHub Dependabot
preview
Feature phase: Preview
shipped
Shipped
Comments
github-product-roadmap
added
preview
ankneis
moved this to Q4 2023 – Oct-Dec
in 📣 GitHub public roadmap - updates coming Nov 2024 📣
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
Dependabot security updates creates pull requests to update dependencies that have a vulnerability issued against it. It currently creates one pull request per dependency, but that results in a lot of noise for developers. With this feature, developers will be able to receive multiple security updates in a single pull request.
Intended Outcome
We would like to reduce the perceived "noise" of Dependabot (i.e. reduce the number of pull requests it opens) while increasing the merge rate of Dependabot pull requests (currently ~20%)
How will it work?
People will be able to turn this feature on from repository settings and then Dependabot will group multiple updates into single pull requests
The text was updated successfully, but these errors were encountered: