Summary
Today by default, only those with the admin role for a repository can view or modify Dependabot alerts. With this change, anyone with write or maintain roles will also have permissions to view and modify Dependabot alerts by default.
Intended Outcome
Starting February 2023, default permissions for Dependabot alerts are changing so that the right collaborators can see and act on Dependabot alerts.
How will it work?
- Based on your repository permissions, if you have write or maintain access, you'll be able to view and act on Dependabot alerts.
- Based on your user notification settings and per-repository watching settings, you'll begin receiving notifications on Dependabot alerts.

You can adjust your user notification settings and per-repository watching settings to make sure you're receiving notifications on Dependabot alerts for the repositories you care about.