Dependabot Updates hit GA in GHES

Dependabot updates are now generally available on GitHub Enterprise Server (GHES) 3.5, allowing for the automatic updating of dependencies via pull requests—a feature long requested by GHES users. This update builds on existing Dependabot alerts and security updates by introducing Dependabot version updates, which help keep dependencies current and reduce vulnerabilities. Setting up Dependabot on GHES requires enabling GitHub Actions (though not supported on cluster configurations), configuring self-hosted Linux runners with internet access, and installing Docker. The GHES setup process includes enabling the dependency graph and Dependabot features in the Management Console, with the entire process documented in GitHub's resources. The integration of Dependabot with GitHub Actions enables monitoring and management similar to other actions but requires self-hosted runners, as the tool analyzes dependencies to suggest the lowest secure versions. The post encourages feedback on this new feature and offers links for further guidance on implementation.