The post Dependabot updates ceases supporting npm version 6 [Closing Down] appeared first on The GitHub Blog.

Endpoints Affected

The following security manager endpoints will be retired in 12 months:

• GET /orgs/{org}/security-managers/teams
• PUT /orgs/{org}/security-managers/teams/{team_slug}
• DELETE /orgs/{org}/security-managers/teams/{team_slug}

After this period, these endpoints will no longer be available. Instead, you can use the organization roles API to perform the same actions and much more.

Retirement Timeline

• GitHub.com: 2025-12-31
• GitHub Enterprise Server: Version 3.20

Replacements

The organization roles API offers enhanced capabilities for managing roles across an organization. Use the following endpoint as a replacement:

• GET /orgs/{org}/roles
• GET /orgs/{org}/roles/{role_id}/teams
• PUT /orgs/{org}/roles/{role_id}/teams/{team_slug}
• DELETE /orgs/{org}/roles/{role_id}/teams/{team_slug}

You can start transitioning to the organization roles API today on GitHub.com. For GitHub Enterprise Server users, the organization roles API will support the security manager role starting in version 3.16.

Learn more about the organization roles API and send us your feedback

The post Notice of breaking changes: Security manager REST API will be retired and replaced with the organization roles REST API appeared first on The GitHub Blog.

See our documentation to learn more about configuring Dependabot.

The post Dependabot can now perform version updates for the .NET SDK appeared first on The GitHub Blog.

View Composer’s official documentation for more information about supported releases.

The post Deprecation – Dependabot no longer supports Composer v1 appeared first on The GitHub Blog.

This new feature combines the power of GitHub Copilot with Dependabot, making it easier than ever to automatically fix breaking changes introduced by dependency updates. With Copilot Autofix, you can save time and minimize disruptions by receiving AI-generated fixes to resolve breaking changes caused by dependency upgrades in Dependabot-authored pull requests.

Why Copilot Autofix for Dependabot?

Dependency updates can introduce breaking changes that lead to failing CI tests and deployment delays. Identifying the exact cause of these breaks and implementing the correct fix can require significant time and effort, making it challenging to stay on the most up-to-date and secure version of a dependency.

Dependabot can now leverage the power of Copilot Autofix to analyze dependency updates that fail CI tests and suggest fixes, all within the pull request. Copilot Autofix for Dependabot not only helps keep your dependencies up to date, but also keeps your CI green. Staying up-to-date on dependencies upgrades with breaking changes is now easier and faster than ever.

How to join the private preview

To sign up for the feature waitlist, fill out the form to express your interest. We’ll notify selected participants as we roll out the feature over the coming weeks.

This feature is available in private preview to GitHub Advanced Security customers on cloud deployments. Starting today, we support TypeScript repos with tests set up in GitHub Actions. As we continue to develop this feature, we will expand coverage for additional languages and testing requirements.

Learn more

Please keep an eye on future changelogs for more updates as the feature moves to public preview and general availability.

To learn more, please join the waitlist or check out the latest GitHub feature previews.

To hear what others are saying and offer your own take, join the discussion in the GitHub Community.

The post Copilot Autofix for Dependabot now available for TypeScript repositories (private preview) appeared first on The GitHub Blog.

The current REST API endpoint to enable or disable a security feature for an enterprise is now deprecated. It will continue to work for an additional year in the current version of the REST API before being removed in September of 2025, but note that it may conflict with settings assigned in code security configurations if the configuration is unenforced, potentially resulting in a security configuration being unintentionally removed from a repository. To change the security settings for repositories at the enterprise level, you can use the current enterprise-level security settings UI or the upcoming code security configurations API.

Send us your feedback!.

The post Upcoming replacement of enterprise code security enablement UI and APIs appeared first on The GitHub Blog.

The post Deprecation notice – Dependabot will no longer support Composer v1 appeared first on The GitHub Blog.

View Bundler’s official support policies for more information about supported releases.

The post Deprecation – Dependabot no longer supports Bundler v1 appeared first on The GitHub Blog.

The post Deprecation notice: Dependabot dropping support for Bundler v1 appeared first on The GitHub Blog.

Try it yourself by asking questions like:
– How would I fix this alert?
– How many alerts do I have on this PR?
– What class is this code scanning alert referencing?
– What library is affected by this Dependabot alert?
– What security alerts do I have in this repository?

Learn more about asking questions in Copilot Chat on GitHub.com or about GitHub Advanced Security.

The post Copilot Chat in GitHub.com is now contextually aware of GitHub Advanced Security alerts appeared first on The GitHub Blog.