GitHub can now alert of supply-chain bugs in new dependencies

https://www.bleepingcomputer.com/news/security/github-can-now-alert-of-supply-chain-bugs-in-new-dependencies/