Content Deep Dive
Yarn support for security alerts
Blog post from GitHub
Post Details
Company: GitHub
Date Published:
Author: Justin Hutchings
Word Count: 137
Language: English
Hacker News Points: -
Summary
GitHub has expanded its security alerts to cover Yarn-based projects, so developers who manage dependencies with Yarn now receive notifications about vulnerabilities in the packages listed in their yarn.lock manifests. This builds on the existing system, which already supports JavaScript developers using NPM-based projects. Public repositories receive these alerts automatically; owners of private repositories, or of repositories that previously opted out, can enable the dependency graph to get the same coverage. This initiative, managed by Justin Hutchings, Director of Product Management for supply chain security, aims to strengthen the security of software dependencies through tools like Dependabot and the Advisory Database.