
GitHub has updated Dependabot to include a default three-day cooldown period for version updates, reducing the risk of supply chain attacks. This new feature allows time for any issues with new releases to be identified before they are automatically integrated into projects. Security updates will still be processed immediately to ensure critical fixes are not delayed. Developers have the option to adjust or disable this cooldown through configuration settings. The update applies to all supported ecosystems on GitHub and will be included in GitHub Enterprise Server 3.23.
Read original
© GitHub ChangelogGitHub's latest update for Copilot in Visual Studio 2026 introduces several enhancements aimed at improving user experience and trust. The update includes a new usage tracking system that provides real-time alerts for usage limits, ensuring developers are aware of their billing status. A trust validation feature for MCP servers enhances security by requiring user approval for changes. Notably, the modernization agent for C++ is now generally available, offering automated and guided upgrade paths. These updates make Copilot more integrated and user-friendly, especially for C++ developers looking to modernize their codebases.
© GitHub ChangelogGitHub Copilot for JetBrains IDEs has expanded its customization capabilities, allowing developers to tailor the tool more closely to their workflows. The update introduces 'bring your own key' support, enabling the use of custom OpenAI-compatible endpoints with API keys. This flexibility is complemented by a more comprehensive plugin management experience, making it easier to integrate team-specific tools. Additionally, new features like local sandboxing and a built-in debugger skill for CLI sessions are now in public preview, enhancing the development environment's adaptability and debugging capabilities.
© GitHub ChangelogGitHub's latest feature brings AI-powered security detections directly into pull requests, enhancing its code scanning capabilities. This development broadens vulnerability coverage to include languages and frameworks not previously supported by CodeQL, allowing developers to catch potential issues earlier in the development cycle. By embedding these detections into the pull request process, developers can address security concerns before code is merged, making the review process more efficient. Currently in public preview, this feature requires a GitHub Copilot license and is available to users with GitHub Code Security, marking a significant advancement in proactive code security management.
The latest update to Claude Code, version 2.1.208, introduces several enhancements and bug fixes aimed at improving user experience and system stability. Notably, a new screen reader mode has been added to assist visually impaired users, and vim mode now supports custom insert-mode remaps. The update also addresses numerous bugs, such as memory leaks and session crashes, ensuring smoother operation. These changes make Claude Code more accessible and reliable, particularly for developers relying on its agent and background service functionalities.
The latest update to Claude Code, version 2.1.210, introduces several fixes and improvements aimed at enhancing user experience and system stability. Notably, a live elapsed-time counter has been added to prevent long-running tool calls from appearing stuck, and various bugs related to session management and command execution have been addressed. These changes make the platform more reliable, especially for developers relying on its tools for complex tasks. While no groundbreaking features are introduced, the update solidifies Claude Code's position as a dependable tool for developers.
© The Verge AISpaceXAI's Grok Build AI tool was discovered to be uploading entire user codebases to Google Cloud, including files that were supposed to be excluded and sensitive information. This practice went beyond typical data retention norms, raising significant privacy concerns. After the issue was reported by Cereblab, SpaceXAI disabled the feature, and Elon Musk assured users that all previously uploaded data would be deleted. This situation underscores the critical need for robust data privacy measures in AI tools, especially those handling proprietary and sensitive data. The incident serves as a reminder of the potential risks associated with excessive data retention in AI development environments. SpaceXAI's response and Musk's commitment to data deletion reflect the importance of transparency and user control over data.