From theregister.co.uk
![A patched piece of denim from Shutterstock](https://regmedia.co.uk/2019/05/29/shutterstock_441757531.jpg?x=442&y=293&crop=1)
GitHub can now automagically offer security patches for projects’ third-party dependencies.
The Microsoft-owned source-code management site announced on Wednesday the new beta-grade feature: when enabled, developers will receive automatically generated pull requests that, when accepted, will apply security fixes to a project’s dependencies.
For example, Lindsey is a programmer who maintains a project that makes use of three other packages from outside developers, and opts into this new feature. When one of those packages needs a patch for a security vulnerability, Lindsey gets an automatically generated pull request that, when accepted, will merge the fixed package into the project.