Improvement
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Today, we're shipping a new filter for the Dependabot alerts list view. In the alerts list view, you can now filter for scope:development or scope:runtime. Alerts for development dependencies also feature a label in the UI.
Dependency scope information will be available for alerts opened on or after June 23, 2022.
Which ecosystems are supported?
The following ecosystems are supported as of June 23, 2022:
| Language | Ecosystem | Dependency Scope |
|---|---|---|
| Ruby | RubyGems | ✅ |
| JavaScript | npm | ✅ |
| JavaScript | Yarn | No, defaults to runtime |
| PHP | Composer | ✅ |
| Go | Go modules | No, defaults to runtime |
| Java | Maven | ✅ test maps to development, all else default to runtime |
| Python | Poetry | ✅ |
| Python | pip | ✅ for pipfile, for requirements.txt scope is development if the filename contains “test” or “dev”, else it is runtime |
| .NET | NuGet | ✅ only for .nuspec when tag != runtime; for all other cases defaults to runtime |
| Rust | Cargo | ✅ |
For more information, learn more about Dependabot alerts in our documentation.